last executing test programs:

9m18.559520435s ago: executing program 0 (id=2448):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=@updpolicy={0xc4, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0xffffffffffffffff}, 0x7, 0x0, 0x0, 0x0, 0x0, 0x2}, [@sec_ctx={0xc, 0x8, {0x8, 0x8, 0x1, 0x9}}]}, 0xc4}}, 0x10)

9m17.644433515s ago: executing program 0 (id=2451):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x140, 0x1a, 0x713, 0x0, 0x0, {{@in=@rand_addr=0x64010102, @in=@multicast2, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x6c}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x32}, @in=@rand_addr=0x64010101, {0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x4d}, {0x0, 0x1000000000000, 0x50f}, {}, 0x0, 0x4, 0xa, 0x1, 0x0, 0x40}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @XFRMA_SET_MARK={0x8}]}, 0x140}}, 0x0)

9m17.461515384s ago: executing program 0 (id=2454):
r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x3, 0x3)
getsockopt$bt_BT_SNDMTU(r0, 0x112, 0xc, 0x0, 0xfffffffffffffffc)

9m16.883546751s ago: executing program 0 (id=2456):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r0 = openat(0xffffffffffffff9c, 0x0, 0x143042, 0x0)
sendfile(r0, r0, 0x0, 0x7a680000)
linkat(r0, 0x0, 0xffffffffffffff9c, 0x0, 0x1400)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00')
read$FUSE(r1, &(0x7f00000016c0)={0x2020}, 0x2020)

9m16.499152298s ago: executing program 0 (id=2461):
r0 = socket$inet(0x2, 0x2, 0x0)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x4e1d, @rand_addr=0x64010101}, 0x10)

9m15.868996754s ago: executing program 0 (id=2464):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x21, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
write$binfmt_script(r0, &(0x7f0000000cc0), 0x4)

9m15.521923171s ago: executing program 32 (id=2464):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000040)={0x1f, 0x21, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
write$binfmt_script(r0, &(0x7f0000000cc0), 0x4)

2m46.791668758s ago: executing program 5 (id=3683):
r0 = add_key(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
pipe2$watch_queue(&(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
ioctl$IOC_PR_CLEAR(r1, 0x401070cd, &(0x7f0000000100)={0x80000000000000})
socket(0x15, 0x3, 0x6)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x1e, 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f0000000000)=0x639)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000600)={'ip6gre0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x4, 0x0, 0xa, 0x0, 0x30, @private1={0xfc, 0x1, '\x00', 0x1}, @private1={0xfc, 0x1, '\x00', 0x1}, 0x80, 0x700}})
socket$nl_route(0x10, 0x3, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="110000000400000004000000ff00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000ac94270000"], 0x48)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r4, &(0x7f0000000200)}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, 0x0, 0x0)
keyctl$KEYCTL_WATCH_KEY(0x20, r0, r1, 0x0)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(r1, 0x5760, 0x11)
keyctl$KEYCTL_WATCH_KEY(0x20, r0, r1, 0xffffffffffffffff)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$selinux_user(r6, &(0x7f0000000080)=ANY=[@ANYBLOB='system_u:object_r:auth_cache_t root'], 0x27)
r7 = memfd_secret(0x80000)
ioctl$TUNSETFILTEREBPF(0xffffffffffffffff, 0x800454e1, &(0x7f0000000040)=r7)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYRES64=r5, @ANYRES32, @ANYBLOB="001000008a0000001c00128009000100626f6e64000000000c0002800800140000000000"], 0x3c}, 0x1, 0x2000000000000000}, 0x0)

2m44.467256546s ago: executing program 5 (id=3689):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, 0x0)
ioctl$SNDCTL_DSP_STEREO(r0, 0xc0045003, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x12, 0x4, 0x0, &(0x7f0000000600)='syzkaller\x00', 0x6, 0x0, 0x0, 0x41100, 0x2c, '\x00', 0x0, @cgroup_sock_addr=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000001a40)=""/102392, 0x18ff8)
socketpair(0x1, 0x1, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
add_key$user(0x0, 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)
write$binfmt_elf32(r0, 0x0, 0x4cd)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x2, 0x0)
setresgid(0xffffffffffffffff, 0xee00, 0xffffffffffffffff)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r4=>0x0}, &(0x7f0000cab000)=0xc)
mount$bpf(0x0, &(0x7f0000000000)='.\x00', &(0x7f00000006c0), 0x404008, &(0x7f00000001c0)=ANY=[@ANYRESHEX=r4, @ANYBLOB=',mode=0'])
r5 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00')
lseek(r5, 0x10001, 0x0)
socket(0x200000000000011, 0x2, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=ANY=[@ANYBLOB="48000000100005ff08000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600"], 0x48}}, 0x0)

2m43.864176301s ago: executing program 5 (id=3691):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f00000000c0)='netlink_extack\x00', r3}, 0x11)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1000000000021, &(0x7f0000000180)=0x1, 0x23)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xb, 0xd, 0x200cc, 0x6, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)='D', &(0x7f0000000240), 0x4b2, r4}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000700)={0x0, &(0x7f0000000540)=""/245, &(0x7f0000000640), &(0x7f0000000680), 0x2, r4}, 0x38)

2m42.898052956s ago: executing program 5 (id=3697):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
rt_sigqueueinfo(0x0, 0x1d, &(0x7f0000000500)={0x0, 0x1, 0xfffffffa})
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
ioctl$sock_inet6_tcp_SIOCINQ(r0, 0x541b, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000080)={0x16, @empty, 0x4e20, 0x4, 'sh\x00', 0x10, 0x3, 0xf}, 0x2c)
socket$inet_tcp(0x2, 0x1, 0x0)
mount$bind(&(0x7f0000000140)='./file0/../file0\x00', &(0x7f00000002c0)='./file0/file0\x00', &(0x7f0000000340), 0x1, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000000c0)=@newlink={0x48, 0x10, 0x1, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, 0x0, 0x21a8}, [@IFLA_IFNAME={0x14, 0x3, 'netdevsim0\x00'}, @IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@IFLA_VF_LINK_STATE={0xc, 0x5, {0x5, 0x1}}]}]}]}, 0x48}}, 0x0)
mount$bind(0x0, &(0x7f0000000240)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000300)='./file0\x00', 0x0, 0x2125099, 0x0)
mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180)='rpc_pipefs\x00', 0x0, 0x0)
umount2(&(0x7f0000000000)='./file0\x00', 0x0)

2m42.455895884s ago: executing program 5 (id=3700):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r4, 0x84, 0x20, 0x0, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000140)="ad76b6c5", 0x4)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0)
rt_sigprocmask(0x2, &(0x7f00000001c0)={[0x8]}, &(0x7f0000000240), 0x8)
r6 = accept4(r5, 0x0, 0x0, 0x800)
r7 = syz_genetlink_get_family_id$nfc(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NFC_CMD_DEP_LINK_UP(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000002c0)={&(0x7f00000000c0)={0x24, r7, 0x100, 0x70bd25, 0x25dfdbfc, {}, [@NFC_ATTR_COMM_MODE={0x5}, @NFC_ATTR_COMM_MODE={0x5}]}, 0x24}}, 0x4040)
setsockopt$pppl2tp_PPPOL2TP_SO_REORDERTO(r6, 0x111, 0x5, 0x7, 0x4)

2m42.127543546s ago: executing program 5 (id=3704):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
socket$inet_udp(0x2, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = syz_open_dev$vcsa(&(0x7f0000000300), 0x1, 0x102)
ioctl$int_in(r5, 0x5421, &(0x7f00000000c0)=0x5d4)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r6}, 0x10)
mount(&(0x7f0000000080)=@nbd={'/dev/nbd', 0x0}, 0x0, 0x0, 0x0, 0x0)
r7 = socket$kcm(0x2b, 0x1, 0x0)
sendmsg$inet(r7, &(0x7f0000000240)={&(0x7f0000000000)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0x41}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x200048cc)
setsockopt$sock_attach_bpf(r7, 0x1, 0xd, &(0x7f0000000080), 0x24)
close(r7)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv4_newrule={0x1c, 0x20, 0x301, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1001a}}, 0x1c}}, 0x0)

2m41.720968831s ago: executing program 33 (id=3704):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
socket$inet_udp(0x2, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = syz_open_dev$vcsa(&(0x7f0000000300), 0x1, 0x102)
ioctl$int_in(r5, 0x5421, &(0x7f00000000c0)=0x5d4)
r6 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000140)='sched_switch\x00', r6}, 0x10)
mount(&(0x7f0000000080)=@nbd={'/dev/nbd', 0x0}, 0x0, 0x0, 0x0, 0x0)
r7 = socket$kcm(0x2b, 0x1, 0x0)
sendmsg$inet(r7, &(0x7f0000000240)={&(0x7f0000000000)={0x2, 0x4001, @dev={0xac, 0x14, 0x14, 0x41}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x200048cc)
setsockopt$sock_attach_bpf(r7, 0x1, 0xd, &(0x7f0000000080), 0x24)
close(r7)
setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=@ipv4_newrule={0x1c, 0x20, 0x301, 0x0, 0x0, {0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1001a}}, 0x1c}}, 0x0)

1m9.154768121s ago: executing program 4 (id=3985):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE(0x0, 0x0, 0x48)
syz_io_uring_setup(0x20c9, &(0x7f0000000340)={0x0, 0xecbe, 0x2, 0x2, 0x800d3}, 0x0, 0x0)
r4 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r4, 0x29, 0x20, 0x0, 0x0)

1m8.131122459s ago: executing program 4 (id=3989):
ioctl$USBDEVFS_FREE_STREAMS(0xffffffffffffffff, 0x802c550a, 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x3d, &(0x7f0000000000)='cgroup\x00\x8d\f\xf3\xcd\xc6X$\x01n-Hg\x144-.\xe2\x053\xe2\xf4\xbf[\xe9\xdddU\x91\x9d,\t\x8d\xc3@\x86,\x7f\xe2Z\xe8L\x80\xdbe~c\xbc\x9b\xcf\x9b\x1cH\x95\xf3'}, 0x30)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000040)={@cgroup=r1, r2, 0x2, 0x2, 0x0, @void, @value}, 0x10)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000240)={@cgroup=r3, r0, 0x2, 0x0, 0x4000, @void, @value}, 0x10)
r4 = openat$kvm(0xffffffffffffff9c, 0x0, 0x20042, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
ioctl$USBDEVFS_CLEAR_HALT(0xffffffffffffffff, 0xc0105502, &(0x7f0000000300)={0x1, 0x1})
r6 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r7 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r7, 0x0, 0x10009004)
syz_kvm_setup_cpu$x86(r5, r6, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x2982, 0x0)
add_key$keyring(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xffffffffffffffff)
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r8=>0x0}, 0x4000)
setresuid(r8, r8, 0x0)
request_key(&(0x7f0000000040)='dns_resolver\x00', &(0x7f0000001ffb)={'syz', 0x1}, &(0x7f0000001fee)='R\trust\xe3c*swO\x00\x00\xee\x02\x00\x00', 0x0)

1m7.887761821s ago: executing program 4 (id=3991):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, 0x0)
ioctl$SNDCTL_DSP_STEREO(r0, 0xc0045003, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x12, 0x4, &(0x7f0000000140)=ANY=[], &(0x7f0000000600)='syzkaller\x00', 0x6, 0x0, 0x0, 0x41100, 0x2c, '\x00', 0x0, @cgroup_sock_addr=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
bpf$BPF_GET_BTF_INFO(0xf, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000001a40)=""/102392, 0x18ff8)
socketpair(0x1, 0x1, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
add_key$user(0x0, 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd)
write$binfmt_elf32(r0, 0x0, 0x4cd)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = socket(0x10, 0x2, 0x0)
setresgid(0xffffffffffffffff, 0xee00, 0xffffffffffffffff)
getsockopt$sock_cred(r3, 0x1, 0x11, &(0x7f0000caaffb)={0x0, <r4=>0x0}, &(0x7f0000cab000)=0xc)
mount$bpf(0x0, &(0x7f0000000000)='.\x00', &(0x7f00000006c0), 0x404008, &(0x7f00000001c0)=ANY=[@ANYRESHEX=r4, @ANYBLOB=',mode=0'])
r5 = syz_open_procfs(0x0, &(0x7f0000000040)='mountinfo\x00')
lseek(r5, 0x10001, 0x0)
socket(0x200000000000011, 0x2, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000240)=ANY=[@ANYBLOB="48000000100005ff08000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600"], 0x48}}, 0x0)

1m7.039199395s ago: executing program 4 (id=3993):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r4, 0x84, 0x20, 0x0, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000140)="ad76b6c5", 0x4)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
rt_sigprocmask(0x2, 0x0, &(0x7f0000000240), 0x0)
r6 = accept4(r5, 0x0, 0x0, 0x800)
r7 = syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff)
sendmsg$NFC_CMD_DEP_LINK_UP(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000002c0)={&(0x7f00000000c0)={0x24, r7, 0x100, 0x70bd25, 0x25dfdbfc, {}, [@NFC_ATTR_COMM_MODE={0x5}, @NFC_ATTR_COMM_MODE={0x5}]}, 0x24}}, 0x4040)
setsockopt$pppl2tp_PPPOL2TP_SO_REORDERTO(r6, 0x111, 0x5, 0x7, 0x4)

40.692963381s ago: executing program 4 (id=3993):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r4, 0x84, 0x20, 0x0, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000140)="ad76b6c5", 0x4)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
rt_sigprocmask(0x2, 0x0, &(0x7f0000000240), 0x0)
r6 = accept4(r5, 0x0, 0x0, 0x800)
r7 = syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff)
sendmsg$NFC_CMD_DEP_LINK_UP(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000002c0)={&(0x7f00000000c0)={0x24, r7, 0x100, 0x70bd25, 0x25dfdbfc, {}, [@NFC_ATTR_COMM_MODE={0x5}, @NFC_ATTR_COMM_MODE={0x5}]}, 0x24}}, 0x4040)
setsockopt$pppl2tp_PPPOL2TP_SO_REORDERTO(r6, 0x111, 0x5, 0x7, 0x4)

16.086256525s ago: executing program 4 (id=3993):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = socket$inet6_sctp(0xa, 0x5, 0x84)
setsockopt$inet_sctp6_SCTP_RECVRCVINFO(r4, 0x84, 0x20, 0x0, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000140)="ad76b6c5", 0x4)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0)
rt_sigprocmask(0x2, 0x0, &(0x7f0000000240), 0x0)
r6 = accept4(r5, 0x0, 0x0, 0x800)
r7 = syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff)
sendmsg$NFC_CMD_DEP_LINK_UP(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000002c0)={&(0x7f00000000c0)={0x24, r7, 0x100, 0x70bd25, 0x25dfdbfc, {}, [@NFC_ATTR_COMM_MODE={0x5}, @NFC_ATTR_COMM_MODE={0x5}]}, 0x24}}, 0x4040)
setsockopt$pppl2tp_PPPOL2TP_SO_REORDERTO(r6, 0x111, 0x5, 0x7, 0x4)

13.083888238s ago: executing program 2 (id=4145):
r0 = add_key(&(0x7f0000000000)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd)
pipe2$watch_queue(&(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
ioctl$IOC_PR_CLEAR(r1, 0x401070cd, &(0x7f0000000100)={0x80000000000000})
socket(0x15, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x1e, 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f0000000000)=0x639)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000600)={'ip6gre0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x4, 0x0, 0xa, 0x0, 0x30, @private1={0xfc, 0x1, '\x00', 0x1}, @private1={0xfc, 0x1, '\x00', 0x1}, 0x80, 0x700}})
socket$nl_route(0x10, 0x3, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x48)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r4, &(0x7f0000000200)}, 0x20)
keyctl$KEYCTL_WATCH_KEY(0x20, r0, r1, 0x0)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(r1, 0x5760, 0x11)
r5 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000), 0xd803, 0x0)
r6 = openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$selinux_user(r6, &(0x7f0000000080)=ANY=[@ANYBLOB='system_u:object_r:auth_cache_t root'], 0x27)
ioctl$TUNSETFILTEREBPF(r5, 0x800454e1, &(0x7f0000000040))

10.337915491s ago: executing program 2 (id=4150):
r0 = add_key(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffd)
pipe2$watch_queue(&(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
ioctl$IOC_PR_CLEAR(r1, 0x401070cd, &(0x7f0000000100)={0x80000000000000})
socket(0x15, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x1e, 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f0000000000)=0x639)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000600)={'ip6gre0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x4, 0x0, 0xa, 0x0, 0x30, @private1={0xfc, 0x1, '\x00', 0x1}, @private1={0xfc, 0x1, '\x00', 0x1}, 0x80, 0x700}})
socket$nl_route(0x10, 0x3, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="110000000400000004000000ff00000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000000000ac94270000"], 0x48)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r4, &(0x7f0000000200)}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, 0x0, 0x0)
keyctl$KEYCTL_WATCH_KEY(0x20, r0, r1, 0x0)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(r1, 0x5760, 0x11)
keyctl$KEYCTL_WATCH_KEY(0x20, r0, r1, 0xffffffffffffffff)
r5 = socket$nl_route(0x10, 0x3, 0x0)
r6 = openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$selinux_user(r6, &(0x7f0000000080)=ANY=[@ANYBLOB='system_u:object_r:auth_cache_t root'], 0x27)
r7 = memfd_secret(0x80000)
ioctl$TUNSETFILTEREBPF(0xffffffffffffffff, 0x800454e1, &(0x7f0000000040)=r7)
sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYRES64=r5, @ANYRES32, @ANYBLOB="001000008a0000001c00128009000100626f6e64000000000c0002800800140000000000"], 0x3c}, 0x1, 0x2000000000000000}, 0x0)

9.002869018s ago: executing program 2 (id=4153):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0)
socket(0x10, 0x803, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="440000001100a7cc4a372eaf541d002007000000", @ANYRES32, @ANYBLOB="013d6abb15e800ff00db7a0200d20000000000000008fcdc9ca68a2bccbe5ecd5c2eccce1d2f5b0e54b7a6c23ab3300a24310bd2d2f6647e542132b66ea3b1112a67c1cfe133d5f222e9e556e63fe55d4bbb0d3788f85075643e5d2b5dfe317c9a7cd3b5f87a790d9bbae7bf5032281286b1eab15d04129f39b11d25a91ca0f56b1dd2bfadeb7d", @ANYBLOB="4d85a4f202f65d159ff4604d3ee960b69c94da7af1b76cb8ab4ddb48d888ee0ba40c3a289bf2d59445b777268e35b3f822f1bb6a1d15b30207a8aed378e0be3295106b49f32376ba4f5b8f5e0122911d67b8dc52753576658770d2e6124f989d6437839d770b7262cf2f0a066466f553ee568ddebfaf0002c04b83b59a4892657d44d8d716e8d84a002a1439eb7efdf4823be489c927a722e402f194d171e13d0204f4043871d66c897edbc531a9cfd54d5d36", @ANYRESDEC], 0x44}, 0x1, 0x0, 0x0, 0x854}, 0x0)

6.553760452s ago: executing program 6 (id=4158):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = dup(r0)
write$UHID_INPUT(r1, &(0x7f00000029c0)={0xc, {"a2e3ad214fc7529b1b5f470787f70e06d038e7ff7fc6e5539b3267078b089b3b08386c090890e0878f0e1ac6e70a9b334a959b689a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31340d095d0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78669a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000002335875271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ed30c000000000000040d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1fe90a56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617601000000be70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d595a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9980000000b3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6c82fa678ca14ffd9f9db2a7869d85824056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c2021d653a5520000008213b704a5000000000007008ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710a80000000000008000bea37ce0d0d4aa202f928f28381aab144a4d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4e38a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2bed9e53803edf1a4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07845754b8400daaa69bf5c8f4ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f5d6d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034e00000000ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9ef6d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c478b095b68441a34cb51682a8ae4d24ad92f243941ed274549b79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdbe6c4579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93ae62fccfcbb2b75a2183c46eb65ca8124e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43e4fb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e01feffffffffffff83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369d75f2e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aa01b20f7694a00f16e2d0174035a2c22656dc00880acebdbe8ddbd75c2f998d8ac2dfad2ba3a50200000045a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcdddd754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe2907ac0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf463661c953fcad6f37525c1a0e94610dd94323f6c15d085197149bfbb655548cf99c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7cd419e037f3e3ad03f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaeecf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a37684f4113c48859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c105000000302a808d7f5251440613d17ca51055f2f416a44fe180d2d50c312cca7cb14a20dc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb40100000006376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a12810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7ceec7dc808bf653639d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de0ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac34b308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2dd9bb96e222d8e904f6529006c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6522fb5f6ffcdd56fed88935fcb75912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae233a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a5bd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08008897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b80c1c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c98ad90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39e3313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe360500000000000000b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1062dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1df0d07b3d5bd3b01faffd0addbed2881a9700af561ac8c7e36bb2fc4c40e9c766c06817bb9957697c9ede7885d94ffb0759be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c1484d2f9c55f4901203a9a8a2c3e90f39c3dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000210000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000600", 0x1000}}, 0x1006)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f00005ae000/0x1000)=nil, 0x1000, 0x3)
remap_file_pages(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0)
r2 = openat$vmci(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r2, 0x7a7, &(0x7f0000000040)=0x10000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r2, 0x7a0, &(0x7f0000000200)={@host})
ioctl$IOCTL_VMCI_CTX_REMOVE_NOTIFICATION(r2, 0x7b0, &(0x7f00000002c0)={@hyper})
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x6)
r4 = syz_init_net_socket$ax25(0x3, 0x3, 0x0)
setsockopt$ax25_int(r4, 0x101, 0x7, &(0x7f0000000000)=0x2, 0x4)
setsockopt$ax25_int(r4, 0x101, 0x1, &(0x7f0000000040)=0x2, 0x4)
socket$inet_smc(0x2b, 0x1, 0x0)
ioctl$TCFLSH(r3, 0x80047437, 0x10000000000006)

6.410932813s ago: executing program 2 (id=4159):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
clock_gettime(0xfffffff2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER(r3, 0x0, 0x84)
r4 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x80, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58)
r6 = accept4(r5, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000200)="ad56b6cc0400aeb995298992", 0xc)
recvmmsg$unix(r6, &(0x7f0000004a80)=[{{0x0, 0x0, &(0x7f0000002b40)=[{&(0x7f0000002740)=""/188, 0xbc}, {0x0}, {0x0}, {0x0}, {&(0x7f0000002a40)=""/239, 0xef}], 0x5}}], 0x1, 0x20, 0x0)
sendmmsg$unix(r6, &(0x7f0000000680), 0x4924924924925c6, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r4, 0x3ba0, &(0x7f0000000100)={0x48})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000440)={0x50, 0x0, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}, @NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x185}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_WME={0x14, 0x81, [@NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x9}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0xa}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x24000000}, 0x4000004)

6.169883189s ago: executing program 6 (id=4160):
r0 = add_key(&(0x7f0000000000)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000600)={'ip6gre0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x4, 0x0, 0xa, 0x0, 0x30, @private1={0xfc, 0x1, '\x00', 0x1}, @private1={0xfc, 0x1, '\x00', 0x1}, 0x80, 0x700}})
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r2, &(0x7f0000000200)}, 0x20)
write$RDMA_USER_CM_CMD_RESOLVE_IP(0xffffffffffffffff, 0x0, 0x0)
keyctl$KEYCTL_WATCH_KEY(0x20, r0, 0xffffffffffffffff, 0x0)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(0xffffffffffffffff, 0x5760, 0x11)
keyctl$KEYCTL_WATCH_KEY(0x20, r0, 0xffffffffffffffff, 0xffffffffffffffff)
openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000), 0xd803, 0x0)
r3 = openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$selinux_user(r3, &(0x7f0000000080)=ANY=[@ANYBLOB='system_u:object_r:auth_cache_t ro'], 0x27)
memfd_secret(0x80000)

5.354542364s ago: executing program 2 (id=4161):
r0 = add_key(&(0x7f0000000000)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffd)
pipe2$watch_queue(&(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x80)
ioctl$IOC_PR_CLEAR(r1, 0x401070cd, &(0x7f0000000100)={0x80000000000000})
socket(0x15, 0x3, 0x6)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x1e, 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(0xffffffffffffffff, 0xc0045516, &(0x7f0000000000)=0x639)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r3, 0x89f1, &(0x7f0000000600)={'ip6gre0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x4, 0x0, 0xa, 0x0, 0x30, @private1={0xfc, 0x1, '\x00', 0x1}, @private1={0xfc, 0x1, '\x00', 0x1}, 0x80, 0x700}})
socket$nl_route(0x10, 0x3, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x48)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f00000002c0)={r4, &(0x7f0000000200)}, 0x20)
keyctl$KEYCTL_WATCH_KEY(0x20, r0, r1, 0x0)
ioctl$IOC_WATCH_QUEUE_SET_SIZE(r1, 0x5760, 0x11)
r5 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000000), 0xd803, 0x0)
r6 = openat$selinux_user(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
write$selinux_user(r6, &(0x7f0000000080)=ANY=[@ANYBLOB='system_u:object_r:auth_cache_t root'], 0x27)
ioctl$TUNSETFILTEREBPF(r5, 0x800454e1, &(0x7f0000000040))

5.228913375s ago: executing program 6 (id=4162):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
clock_gettime(0xfffffff2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER(r3, 0x0, 0x84)
r4 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x80, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58)
r6 = accept4(r5, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000200)="ad56b6cc0400aeb995298992ea54", 0xe)
recvmmsg$unix(r6, &(0x7f0000004a80)=[{{0x0, 0x0, &(0x7f0000002b40)=[{&(0x7f0000002740)=""/188, 0xbc}, {0x0}, {0x0}, {0x0}, {&(0x7f0000002a40)=""/239, 0xef}], 0x5}}], 0x1, 0x20, 0x0)
sendmmsg$unix(r6, &(0x7f0000000680), 0x4924924924925c6, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r4, 0x3ba0, &(0x7f0000000100)={0x48})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000440)={0x50, 0x0, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}, @NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x185}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_WME={0x14, 0x81, [@NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x9}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0xa}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x24000000}, 0x4000004)

5.053997365s ago: executing program 3 (id=4163):
creat(&(0x7f0000000000)='./file0/../file0\x00', 0xecf86c37d53049c9)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
r1 = openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = socket(0x2, 0x80805, 0x0)
r3 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADD(r3, 0x0, 0x482, &(0x7f0000000040)={0x84, @broadcast, 0x4e20, 0x3, 'wrr\x00', 0x1, 0x2, 0x6e}, 0x2c)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newtaction={0xc0, 0x30, 0x3ee760a957d59f6e, 0x0, 0xffffffff, {}, [{0xac, 0x1, [@m_ct={0x60, 0x2, 0x0, 0x0, {{0x7}, {0x38, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x3, 0x11e41e7a, 0x20000000, 0x0, 0xf}}, @TCA_CT_NAT_IPV6_MIN={0x14, 0xb, @private0}, @TCA_CT_NAT_PORT_MIN={0x6, 0xd, 0x4e23}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x1}}}}, @m_ife={0x48, 0x20, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{}, 0x4}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xc0}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
r4 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x15d74000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r4, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, 0x0)
write$dsp(0xffffffffffffffff, &(0x7f0000002000)='`', 0x88020)
setsockopt$IP_VS_SO_SET_ADDDEST(r2, 0x0, 0x487, &(0x7f0000000380)={{0x84, @private=0xa010101, 0x4e21, 0x3, 'lc\x00', 0x4, 0x8, 0x77}, {@rand_addr=0x64010102, 0x4e23, 0x2, 0xcd, 0x12d5f, 0x3}}, 0x44)
setsockopt$IP_VS_SO_SET_FLUSH(r3, 0x0, 0x485, 0x0, 0x0)
r7 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB], 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x24000040)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r1)
sendmsg$NL80211_CMD_PEER_MEASUREMENT_START(r7, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000280)={&(0x7f0000002040)=ANY=[@ANYBLOB='P&\x00', @ANYBLOB="000229bd7000fddbdf2583000000", @ANYRES32=0x0, @ANYBLOB="c0111180bc11058070010080bc000380b8000180100001800400090004000a0004000a001400018004000c0004000100050007000b0000001c00018004000b00050005000f000000080002000200000004000a0010000180060004000700000004000a001c0001800500070001000000040009000500070005000000040008000c00018006000400ffff00000c00018004000b00040009003000018005000700f600000006000400030000000400010004000b0006000400970c00000400090005000600180000000c00028005001801150000000a00010008021100000000004c000280050019010d000000080022010202000008009f0007000000080026006c0900000500190107000000080026006c09000005001901070000000800a000030000000800a000030000004c0002800800a1000700000008002201c602000008002600a8090000080022015c01000008002201e103000008002201e1030000050018011700000008002700010000000500190106000000e80400800a00010008021100000000007c0103800400020004000200280001801c00018004000b000400080004000b0004000900050003000200000008000180040008c718c0707a9141e2df004c0001803400018004000a000400010005000300030000000400080004000c000500050007000000050003000b00000006000400030000001400018006000400010000000400090004000b005400018050000180050005000d00000004000800050003000c0000000600040000000000050006000f00000005000600110000000600040029000000050003000600000005000700000000000800020001000000a40001800c0001800400010004000c002400018003000a0004000a000500050009000000080002000400000005000700060000003400018004000a00060004000000000004000900080002000400000005000700060000000500070003000000050006000c0000001c000180050005000a000000050007000700000005000500040000000c000180050006001600000014000180050006000a000000050006000e00000004000200e0010380d8010180300001800500060005000000060004008000000004000a0005000300070000000400080005000700d300000004000c0044000180050006000100000004000b00050006000b00000008000200020000000800020004000000050003000700000004000b0004000b0004000900050006000e0000002400018004000100040008000400090004000c0004000a0004000a00050003000e000000280001800400090005000600070000000800020001000000050003000a0000000500060002000000240001800500050000000000050007000000000004000a0004000800050005000c00000034000180060004000800000008000200010000000500050009000000040008000400090004000100050006001000000004000c00380001800500070001000000050006000300000004000100060004000400000004000c000500060003000000050003000200000004000b004000018004000a00060004000100000004000c0005000700070000000800020003000000050006000300000004000100060004000180000008000200000000002000018004000100060004000000000004000c00040008000400080004000800240001800500050004000000040001000400090004000c0004000800050006000e00000004000200ac000380a00001801c00018004000800050007000000000004000c0008000200020000000c000180050007007f0000002c00018004000b00050003000600000006000400050000000800020004000000050005000500000004000c001400018005000600180000000600040098000000280001800500070081000000080002000100000004000a00050003000500000004000a0004000b000c00018005000700070000000400020004000200d00003804800018014000180040001000400090004000b0004000c000c000180050007000100000024000180050003000f000000050003000c00000004000a00060004008000000004000a008400018024000180050007000900000006000400ffff000006000400040000000500050004000000180001800600040009e600000400080005000500070000001400018004000a000500070007000000040001001c00018005000700d800000004000c0004000a0005000500080000001400018005000700000000000500070001000000180200800a0001000802110000000000080203800400020004000200700001804000018004000b0004000100050006000b0000000500070000000000050007007800000004000b00050003000e000000050006001200000004000b0004000b002c00018004000b0005000300090000000400080004000c000800020003000000080002000200000004000900040002003800018008000180040001002c000180080002000100000004000a0005000700c1000000050007000900000004000a000500030002000000b80001801000018004000a0008000200010000002c00018005000700ff00000004000a00040008000500060018000000050005000c0000000800020003000000340001800400090004000a00040001000400090004000a00050003000b00000004000b00050006001d000000050007000800000028000180050007000a00000004000900050005000c000000050007007a00000006000400010000001800018004000c0005000600030000000400090004000900040001801800018014000180050007000900000008000200000000004c0001802800018004000900050006001000000008000200020000000400080004000c000800020002000000180001800400010005000600120000000500060010000000080001800400080034000180180001800600040001800000050006001600000004000800180001800500050000000000050007000800000004000c000c00008008000380040002001800008008000380040002000a000100ffffffffffff0000380000803400028008002700030000000800a1000000000008002201830000000500190106000000050018011d000000050019010f000000c00200800a00010008021100000100000a000100ffffffffffff0000b800038004000200500001800c00018004000800040009000c000180050003000000000034000180040008000800020002000000050003000b0000000600040081ff000004000b00050003000400000004000b0004000c005c0001800c0001800500050008000000340001800400090004000b0004000b0004000b00050005000d00000005000300090000000400080004000c000400080004000a00180001800400010004000c00040008000400080004000b00040002004c00028008002700000000000800a00004000000080026007c15000008002600e01500000800a10007000000050018010b0000000800a10008000000080026006c0900000800a100050000000800038004000200800103800400020074000180180001800400090004000a000400010004000b000400010014000180050005000f00000005000700030000004400018004000900040008000500070005000000050005000100000005000700020000000500030002000000050003000d0000000800020000000000050005000f000000000101803800018005000300070000000600040007000000050007008000000004000c00080002000300000004000c0004000b0004000c00040001000800018004000b002c000180050007000300000006000400ff0f0000050005000c00000004000c0004000b000400090004000c00180001800400080004000b00050006000c0000000400080010000180050006001e000000040009001c00018004000b0004000100080002000400000005000500030000002800018008000200040000000500060004000000050007008100000004000b000500070005000000240001800500030007000000040009000500050004000000040001000600040001800000040002000a00010008021100000100000a0001000802110000000000340300800a00010008021100000100000a00010008021100000100009c02038004000200e00001801c0001800400010004000100050006001e00000008000200040000001c0001800500050006000000050006000500000005000300020000003c0001800500070010000000050003000a000000050007000900000004000b00060004003000000004000800050005000c00000004000b00040008001400018004000b00040001000400010004000900300001800800020001000000050007000f000000050003000a000000060004000700000004000b0004000a0004000c002000018004000900040001000400090004000900050006000f0000000400090004000180bc0001804400018006000400090000000400010004000a00050003000700000005000700040000000400090006000400040000000800020003000000060004005100000004000a003800018004000a0005000300090000000500050005000000050003000a0000000800020000000000050003000e00000004000c00040008001000018004000c0004000a0004000a001000018004000a0005000500000000000c000180050005000c00000010000180060004004c00000004000a00f800018010000180050003000200000004000c000c000180050006001700000028000180050007000000000004000b0004000b000400080004000a0004000800050007000200000048000180050003000100000006000400ffff0000050003000f00000005000300070000000500070007000000050005000a000000"], 0x2650}, 0x1, 0x0, 0x0, 0x4}, 0x4810)

4.839389377s ago: executing program 1 (id=4164):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
setsockopt$inet_sctp_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f0000000040)={0x400, 0x2004, 0x6, 0x3}, 0x8)
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000cc0)={&(0x7f00000008c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x8, [@datasec={0x6, 0x1, 0x0, 0xf, 0x3, [{0x4, 0x2, 0x2}], "8f54b7"}, @datasec={0x0, 0x0, 0x0, 0xf, 0x1, [], '@'}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x61]}}, 0x0, 0x48, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x28)
r1 = socket$inet_sctp(0x2, 0x5, 0x84)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000000)=@framed={{}, [@ringbuf_output={{0x18, 0x5, 0x1, 0x0, r2}, {}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1f}, {0x85, 0x0, 0x0, 0x15}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x0, 0xe, 0xfeff, &(0x7f0000000100)="e0857f9f582f0300000000000000", 0x0, 0x2f00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
r4 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, 0x0)
getsockopt$inet_sctp6_SCTP_MAX_BURST(r4, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={<r5=>0x0}, &(0x7f0000000300)=0x8)
getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r1, 0x84, 0x70, &(0x7f0000000200)={r5, @in6={{0xa, 0x4e24, 0x8, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, 0x2}}, [0x9, 0x2, 0x1, 0x8b, 0x4bdc, 0x1, 0x5, 0xab3, 0x1, 0xa, 0x80000000, 0x8, 0xd, 0x400000, 0x2]}, &(0x7f0000000000)=0x100)
setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000080)={0x2, 0x0, 0x1, 0xa5, 0x45ae, 0x2, 0x0, 0xa2f, r5}, 0x20)
sendto$inet(r0, &(0x7f0000000240)="4c8344a2be869498b325537829cf2ff5dd3c3ca066cf3ba311ec01b386a2ed4ac523fdcda34e448cdc0717038300972af71961f7eab47df9fb471ffbfd8a1e5cec0c3750581225901038e0cdd373b96f3d7b0f198b07585feea49fa21e20ddb41af217063aca5f899ffa4e23854609e1d46daf4f64477c2bff61b786e6e4eb9e26ff440e5321d7", 0x87, 0x10, 0x0, 0x0)
r6 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x4206, r6)
tkill(r6, 0x12)
ptrace(0x10, r6)
sendto$inet(r0, &(0x7f0000000100)="ab", 0xffe0, 0x40048c4, &(0x7f00000000c0)={0x2, 0x4e22, @local}, 0x10)
ioctl$SNDCTL_SEQ_GETOUTCOUNT(0xffffffffffffffff, 0x80045104, &(0x7f0000000200))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
r7 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r7, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0x72, 0x11cfa, 0x0, 0x8000008, 0x3, 0x4, 0x82, 0x0, 0x2})
read$FUSE(r7, &(0x7f0000001680)={0x2020}, 0x2020)
munmap(&(0x7f0000001000/0x4000)=nil, 0x4000)
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r7, 0x40505330, &(0x7f00000001c0)={0x800100, 0x3, 0x22, 0xe1d9, 0x1101, 0xff})
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)

4.07897772s ago: executing program 6 (id=4165):
r0 = socket(0x10, 0x3, 0x0)
sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)}, 0x2200c881)
syz_open_dev$tty1(0xc, 0x4, 0x2)
r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0)
r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
r3 = syz_open_dev$tty1(0xc, 0x4, 0x4)
ioctl$VT_DISALLOCATE(r3, 0x5608)
bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000800)={0xffffffffffffffff, 0xffffffffffffffff, 0x6, 0x0, @void}, 0x10)
read$FUSE(r2, 0x0, 0x0)
write$FUSE_INIT(r2, 0x0, 0x0)
syz_emit_vhci(&(0x7f00000002c0)=ANY=[@ANYBLOB="040e05003d20"], 0x7)
setsockopt$kcm_KCM_RECV_DISABLE(r0, 0x119, 0x1, &(0x7f0000000280)=0x6, 0x4)
syz_fuse_handle_req(r2, 0x0, 0x0, &(0x7f0000000c80)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r4 = dup2(0xffffffffffffffff, r2)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x15, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x3, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
r6 = openat(r1, &(0x7f000000c380)='./file0\x00', 0x20842, 0x1a0)
writev(r6, &(0x7f00000002c0)=[{&(0x7f00000000c0)="14", 0x1}, {&(0x7f0000000380)="21c5741a6d8ef804a1c59b401e5990077d19e5fc59120021a7fe2f7902f131746373376ba35a950f8e92e27d9cfcb1c70192b2f0f670d8c724ab54024a15b2c0b88dd4561b4a5a343fa2fcaaf8e6756519d9aeb0308afab97ade71e4becb38f92af4becf714d58133961183c2f390796822160dcb995ee4f66ffb790bbd713cb3e7e55364d3acfa4919287b879cc97e36b9db8efd599cefe395dec0b60cef1db23ce85717867ee0065ccbb34b9", 0xad}, {&(0x7f0000000180)="73d363f9dbb5da6239915a34e7cc13d9d9113e25000a5669dfcaab1f0ac1144542817a08cd23b01380a4f40d612e29d3c33c831f627a9095120e3dace54d1623009a92534faf7cba447bd69f9f2ff265ae56da5f8bf55abf216b3ca6672236cef9dbe064566f6cc3597655ddd57307ebcee99547df87ceceb660e453ae7b", 0x7e}, {&(0x7f0000000100)="704950359c7c82491496b5f5e34a553a93919d09ba7492710c0c4ec573edcd86da", 0x21}, {&(0x7f0000001300)="c77320d1673630e3b6aac4f6f30f8625ef6bf58ebcc7e776de861740fa967027721f7e6d9fa6c75b673d7fa3549c49b95507822749b08eff92977746512014394a495ab4fba2b053510061b51e6bb5a457bdb3e5882aea7778e05d8e3f8f124ea9c36b7a9c7c62e338dea60274586e1a562817171a4578751cc5c9697ddabf3a9ae1a63b708a321706074aee826db65e33b716d346099764493345173b2a0152e785ff1500fa0370202f152bb587f4e3d3086d7ae82250d41520f8a23b76f3f89f029d647793033cb80f0c0432c0345c6e38fcfbd327c1c71bd0bdd6c569ce54ac72df0a8180b2e50cf1f71fa7cfe5a47420e08fe1251adf29804935333e439c41ea7a48058d188b7494b242a1484574606838bb11858fc0ea34c3aaf34d228646966a2507beb919ea41fa4eab9df1053600b160ea3ca3782269d031944a0c21817ab2d62993c541c04a244b9c6d6b6e6d89eb565ff38925b96ada10664ff6b05dd29c24ca47f52370a2d51c5eb1dd6b62e32484b6ccb5697abb0007de2ded5c69bd27cea7d61d8b405b431fa0cb158ede2c732ef3e956c9fb72a502dd5707855d6c1403dea7d789406c01cb88b392f0534d51bb4abad193ac9fa2e98eaf62aabe3642fed41c0a1de7eff90ae16177fe4e08e2670f969dc450fe518e7f3b8d570c81b9a0efe189f0f0ee93fa59e5cc48e54284ee472e66fffc2ff291b2fa1e94212e655c6681c449d28f2ea01093ca39f6010ce685acf53ac1428e8d23069eb5e024c2af11ee5b02c8d602ad403a2da955144dca095b6c34bd32626a98fcd38d81b94ac6f69f3286c278a464c33253c69514ecbfe37859382e8ed1ff0218c932e18e5b528c8fd740d07d60cd20ed74e51c536158ebb1bdd4aa88e2cfb3ced8508be050c42a7e281da7f95f54a327e74364ece4707e36d6af22b8a19440b4045fd739e16fd1a33da7c95d27c46e93fc5f4310529c2ec91e4f6a9efb415b9b023bb3bec8ee38ac9e0a7253a11641fcc9b9d2d54d5d444c9226e2b15976e4a09b12dff54452f141aea3cc9aecd3fc3699c10e2355ffaa8745d2233605ce245b38b4cde55885e84b9e862e115ba818a6ddf19d8ea84d7eb655da69ca326917048b693b9465847989e8ad49ce47c14e57620ceedd1f96d7d2b676d285adc8170e8fd91b351fce4bbc407825b55209397da047ae62482beb117f5c060caed7a306ce95b10f5cf24dfb03cdcde0d07347488d299a1a496cd81c50c2749428531b4273bb7c86786816a4cba815a4d68d6da4d30f513d413b00cdf64b87772bf39fb04869be16c30e04447797fa47033e02ab2372e9c38f40635bc9f611a36d8e1465435931df341ce423ec8ff13fba59f23906641ed8427ebbee1618c5725b7f442f593377f9a4f53361d8d38226d0fa41fa2f7a3e5323383c480aaa15729dca2b03bcf62e232633a78110863f24018e82b64b8b011fa0a33fb9de4b25d1faea577b509b28df8c7d6988d43dca62d413cb8f03d9721efb751b174e39ac9b5dc7fcdcae6e8ea77e0f7760c2a665667f07aee356741ca02366fcb1bb3ca8184704045811c17613beaeacb05a51eb34adbf6b6d3fc596bef6e29e4236c5105b6ef379e6fe6e4d5dca5a5b331f18997741688e48ebc9d0ca5182c483d888da780e6e8a403254c89b0438db3354b9c32bdcee26f276dd7daad6a6865d7da625cc470657cbdd050045151cd03a9b9a7472718e7b884a60ad923720cea1f89617d40e6e27cb8991456f9c6dfde30cbd1125c7fea62c73bd205b6a232c0a11fb8b23bb10af465a07b31fc2f5dc79f0d4083d360c5d2763ff0680c054fcc5d17a243a665d2984f2ff4ac90ed84fddc4519ec7e83ce721352371753cd0cafbafb7ee23d9b9b367a1e3ceb771edb6cabb1ad3986f5afe969dbd92e3a72896bc33e5dd6b34a462e697245974250bb29b37ea4e04c060abe24aae4f1f613d65018bc41b1d9ec5c3f6d77b59fc42706c87f08094571dbc4bdcf3ec4b6df3a12d12a9f19e464059771d2207feef999c3e05fbfe3e2d8248ec2a88e1b711c6ef495b8f5ac672037ff4f48828edda9c23a28a2b4a86f63f8e4fe5f4781f49b2ed3921fd102e9cc68cd0ef43c7e625fb4ec599490d3aee627b12fbdadacf86ab9d3bf42f93343c1866afef9531d4e36a6f67a3a10b438f62bdbbd2b844ca43602650a570027876cc4a71a18194df3b9da478e954c3b9df94599630e911d78c48cac765f589c4f9472c6c4055ac1d156b7032a3cf31ddbe1d1bb3e2e1e037f2efad35c174d08d71629a5eba8ccbe0b8174eaaa743720adef9b65bad719944fa1765c591e65dbb49ee18dbfc7e728ddc9ccac53a3f5527f0306a54c7d04a9954715d87bac09c1bf21f1999f94b8193c97d6a02f0b80f581d4dee3ccd923ea82256964df942a417853186a0fdecfef475c072a0a4ac7a8f73316eed34ba1ee6e3bd3b65d94f3ba6f5e9b9744d5342d5eaa40d21583a96886f0555d5bcb8139137a7c0d19d222486495cecbc444fa375d3be86d08fadf3be102b3e5925cc13dbaa8af0cce449c6d78a95b98898d7b889df5f3160ec3fe474ea0447d3bb012e27165b6b45707f6c97c84dbb241fc22e8173fa45aed32307af8bf8ed58dffd75088738977a439e5a5599cfcc610de995fffae8cb2725967d0ec37dbfc1c1b9934ba00c14137b2167ad713b233b4dadbb6353d3674289e28525a385d53a111fefe7caad67c675f12d7900a9e4d1f5aa9f010a42272742d594348a4c1daf36b7dd653af1142735d6957a8cc2afd4d4f2ecb2cd2e083185e490a8d8e5dd68ebac3c1d56b225742b68c8982e38f565c4af131a285429c25659e493c3b2349567399fb0c88cd21fcb4ad8dcc8c97c72f7c4b7032ad4e5c5cd9c605108924916452507b43cc208e15fea7465c18f2033e14ebaee78ce2c7bf82ed0bc1618e49f7d10f7023bcd99525efd6d803b77d4371783e853236520048f7eba5af9445fb6fefa91b52c10353add665744c7f2a7ddee11d25872f6a03b1b4fe1e9b7568b9f1952b3d86020387197280ff3da0eee61425598cee84485fd683fdb4641cad253245e8448ab1d9acd3813a67e6cd0f2168fbe3d05533ae00a96a7cfec971b5cc6b3d5e192f1b877e99c1362059725aad83c0198957c899bbb6aa8e17473431d5d466e36e6ca33f39918e39fd997f1c1d9e65d3a18ba217860b3818fb8c9988cbd350f49688c86dbe483f274d6b2dd4b2ee1e9cd692d328ec2d8daa2f629b6054a05356cd959c021de0772b4e5838e324703431a7d74af63ac8eda79e897307c54ee00349dacb33305ca33d5c5a6d08d31f2c0e6e2a649eef18cf485dd85904c91ef2b1420fae337be26b30403b7e500a406a2706473b2e1c4e8d024686f064bcda902ec7ce263c38485e2266b7f71df2477d1db9338918125b17b9df9f722e1aa62717daf29548af57dd4d6a394fdeef21552e0f743f1cb6df040c231775a29d21304c7c43eeab423a8f0fc68bc637d6ab048d5db7abddf9d7f1922268356e66b91cf4d39a2919c17ddd15652b0967f6a0a02d189b932757d7b9e08435f6d2bd2f9d64504c622e8ee52e1fa9061ad698267d41153aab3ad1eb91727ff22d08c81e6be4e085b4159c4996e542fb8d98ada3cf1e8390861f2a7c3981a8ccb60f71df33f61712f9a248f155673a7208d954104011b5df1d6758a5fafc69878db65f46b9171ae6e7969b93b64d04da602034355a72e3ff4dfa8045b87050c9500fc46ca0e56ac277c9441af5c36e6f88f3a2d1b64f0644a0fdebbb3559f3d8463105d356fd31760d1e4df221ffcd870cc59f92d4bc4a0154a581974372ed0e8f4b4edeca7080c08782ca9d348848a241e3717e3e55c39bbde26d0728adab4bf470396bc642135fbb32e76c68e0cfd3471b829c12a9e367e278e0556b818971c82eaa3c98e4b7ca754ffae91221d74145283ba9036dc983ea62c7e9521ce91acbe741d574967020c229d49321c1dbe25cda8c9837e54cb91f7fdc46d7ae3c873d537d14873d8b36cfbfb0b8b6372b27e8c39de7b2e581c92a8fad710a40f3c3fad4acb514d6aa7e3cdbaf87cd3857976c30a46de39fb9ee0fc3c4294dd5bfa04ac4c0878c18187ff16beb0760f6d899bc8470089e58bca5b8a28221c2844cd1675e4282d4f019c187e14a9ef881b460d1195031e1b517a614fc270d3a7fd8169bc5d4924426bbe844c087fcd783be5b6e999bb8f5d0b7bbfea3d1479f8b1f4916febe11acf623f9d7f62abb299f659269e6b7a6898f759c77cd8dff26388031f161c1a9a3edac78a081d0cd92d5cac940b74fff6a9868e6e72c1f0ee545394ce3d2497be57fb1a82f3cad56e928a8af5292824652d25e1bfebc01d625542a0150b383a98d0b8f75c2e0eda95c3cd935ff24042d319fc91e5e27976aa93a7d11fa95f33b5c0321f3e7a974cb90a3571e9a930b2a062a1155b91ec7410a3d3a84a0344f0052d4156e03ac1d5b1e90c13d48e8788fa61fb89e9f2be8148919c38e992e63b3feb56ba657f193d798fcf655bacb7e82a48adf3728d087358b5219421730601958fc9bff3ca08fdd5a4f5a4836dffb2f05281609e2c506306d384d1e5b32f63c9e60932f8532bec70b0dfa983cc9d06450a34ad4e7c3b150152d77abd37fca0e93caf582bab5bfaffee3bf8d0790f49665fdfef12e322914308fe44a149f861a7feb68f079a1c953973df78b20555077d1b91b7f8a9c33d5f494749d1f8c0e58986632194ee6286ac6f527612cd35fa653607361feb336593ae5ae91649960ad11e96a4e6e5910b98c708bb23a263f069915871c56af82c6e879be2305dc688fc0765ad38f8da1f902e61f875f2ccc86f5af8d24dddfe2e5094b17fe90b5fcffcd2146884e4fe49e4ba431ac5237161699807e863605729e289cb0f13a677083595f090c12d868547de2f97572bbae43a902daabc300c9ddb309ef951d075787371da80765dddc773735c20992db3b84954b165bd20754815b57df51f68f4ca5647a74c2b63252a9e1d98e58c523a1abb3ab710a7ed1c2fa2fc70a5b42dc3338bd11e633b1a63f0097fedb42d3a0488beb27a757944af968dea6770e79ee76fd7df5a2f365a5475d655a26de83d73297d80e02a9d6cce55e93473728d2ee8d03940fe923f3cf70c93ef5beff58b498db457ac0516a7d6805fec5bd6f94839214864abdb648f3f67bff812900b58822cb521e82599f9163d74d2ce7704ae2d6599275155005cb894f11d2810722a4d33e9f864fa4afe5aa8dc8b8c63c3245626219cb74562", 0xeb2}], 0x5)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r5, 0x0, 0x30, 0xe1515f8735398d3, @void}, 0x74)
r7 = open$dir(&(0x7f0000000240)='./file0\x00', 0x400, 0x80)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100000008b}, 0x0)
sched_setscheduler(0x0, 0x3, &(0x7f0000000180)=0x5)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000032700)=""/102393, 0x4df)
renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x7)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x18, 0xd, &(0x7f0000000500)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x2000001, 0x12, r7, 0x0)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
write$binfmt_script(r8, &(0x7f0000032680)={'#! ', './file0', [], 0xa, "1bf5bfa1c0de0000000000000006ed3825c7f596905de02de8fa8ad551e18c1acd076c99aa50ca4486e726abfd828f9abdb81098fa09"}, 0x10085)

3.866002908s ago: executing program 3 (id=4166):
syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, 0x0, 0x0)
sched_setscheduler(0x0, 0x3, 0x0)
syz_open_dev$MSR(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1, 0x0, 0x2})
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000000)={0x6, 0x1, 0x1, 0x0, 0x3})
ioctl$vim2m_VIDIOC_STREAMOFF(r1, 0x40045612, 0x0)
ioctl$vim2m_VIDIOC_STREAMOFF(r1, 0x40045612, &(0x7f0000000080)=0x2)
ioctl$vim2m_VIDIOC_QBUF(r1, 0xc058560f, &(0x7f0000000180)=@mmap={0x1, 0x1, 0x4, 0x1, 0x1, {}, {0x4, 0x8, 0x8, 0x5, 0x29, 0xd, "0adb3fb8"}, 0x5})
fsmount(0xffffffffffffffff, 0x0, 0x0)

3.682622541s ago: executing program 1 (id=4167):
syz_genetlink_get_family_id$nl802154(0x0, 0xffffffffffffffff)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
setsockopt$bt_BT_RCVMTU(r0, 0x112, 0xd, 0x0, 0x0)
sched_setscheduler(0x0, 0x3, 0x0)
syz_open_dev$MSR(0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
r1 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f00000000c0)={0x1, 0x2, 0x1, 0x0, 0x2})
ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000000)={0x6, 0x1, 0x1, 0x0, 0x3})
ioctl$vim2m_VIDIOC_STREAMOFF(r1, 0x40045612, 0x0)
ioctl$vim2m_VIDIOC_STREAMOFF(r1, 0x40045612, &(0x7f0000000080)=0x2)
ioctl$vim2m_VIDIOC_QBUF(r1, 0xc058560f, &(0x7f0000000180)=@mmap={0x1, 0x1, 0x4, 0x1, 0x1, {}, {0x4, 0x8, 0x8, 0x5, 0x29, 0xd, "0adb3fb8"}, 0x5})
fsmount(0xffffffffffffffff, 0x0, 0x0)

3.644381446s ago: executing program 1 (id=4168):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge_slave_0\x00', <r1=>0x0})
r2 = socket(0x10, 0x80002, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x0)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000000bc0)={0x0, 0x0, 0x1, [0x10000, 0x40, 0x800, 0x1, 0x2], [0x9, 0x0, 0x18, 0x1, 0x8, 0x1ff, 0x0, 0xfffefffffffffff6, 0x1, 0x52c, 0x8, 0xc18, 0x101, 0x7, 0xfffffffffffffff3, 0x6, 0x5, 0x8, 0x2, 0x3, 0xffffffffffffff81, 0xff, 0x7, 0x7, 0x7, 0xb, 0x1, 0x9, 0xffffffffffffff0f, 0x6, 0x8, 0x3, 0x2, 0xfff, 0xd, 0x1, 0x4, 0x6, 0x100000001, 0xffffffffffffffff, 0x6, 0x2, 0xb0, 0x0, 0x800, 0x4, 0x9, 0x80000000, 0x3, 0x0, 0x7, 0x2, 0x5, 0x4, 0x4, 0x2, 0x7f, 0x7, 0xfffffffffffffffd, 0x9, 0x4, 0x2, 0x1000, 0xf1, 0x14da511f, 0x62d12819, 0x7ffd, 0x4, 0x4, 0x80000001, 0xff, 0x3, 0x9, 0xac0, 0xc92, 0x9, 0x1000, 0x2, 0x1, 0x3, 0x47, 0x5c0dda70, 0xf, 0xfffffffffffffffa, 0x7, 0x6f1e, 0x2, 0x1e, 0x8, 0x3, 0x1, 0x7fff, 0xfffffffffffffffa, 0x1, 0x8, 0x3, 0x6, 0x200, 0x8000, 0x3, 0x51, 0x100000001, 0xc00000000000000, 0x9, 0x4, 0x8, 0x9, 0x9, 0x779, 0x9, 0x2, 0x9, 0x8, 0x80000000, 0x6, 0x8000, 0x9, 0x8, 0xffff, 0x40, 0xf1d2]})
syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, 0x0)
syz_usb_ep_write(0xffffffffffffffff, 0x82, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x6, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(0xffffffffffffffff, 0x6, 0x23, 0x0, &(0x7f0000000000))
r3 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_PORT_GET(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000003c0)=ANY=[@ANYBLOB="200000000514030300000000000000000800010000000000050003"], 0x20}, 0x1, 0x0, 0x0, 0x44000}, 0x0)
r4 = openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0)
write$cgroup_pid(r4, 0x0, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000001100a7cc4affeeaf541d002007000000", @ANYRES32=r1, @ANYBLOB="00000000100000001c001a80080002802d00ff00", @ANYRES16=r2], 0x44}}, 0x0)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x3d, &(0x7f0000000040)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x0, 0x7ffffdbd}]})

3.578494656s ago: executing program 6 (id=4169):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x102}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x1000000000021, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0xb, 0xd, 0x200cc, 0x6, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200), &(0x7f0000000240), 0x4b2, r3}, 0x38)
bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000700)={0x0, &(0x7f0000000540)=""/245, &(0x7f0000000640), 0x0, 0x2, r3}, 0x38)

3.139470584s ago: executing program 3 (id=4170):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x50, 0x2c, 0xd27, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r3, {0x5, 0x4}, {}, {0x5, 0xfff3}}, [@filter_kind_options=@f_flow={{0x9}, {0x20, 0x2, [@TCA_FLOW_EMATCHES={0x1c, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xfffb}}, @TCA_EMATCH_TREE_LIST={0x10, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0xc, 0x1, 0x0, 0x0, {{0x7, 0x9, 0x2}}}]}]}]}}]}, 0x50}}, 0x20008050) (fail_nth: 7)

2.649774733s ago: executing program 6 (id=4171):
bpf$TOKEN_CREATE(0x24, &(0x7f0000000040), 0x8)
r0 = syz_open_dev$video(&(0x7f0000000000), 0x101, 0xab02)
ioctl$VIDIOC_STREAMOFF(r0, 0x40045613, &(0x7f0000000040)=0x1)
bpf$PROG_LOAD(0x5, &(0x7f0000002240)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
arch_prctl$ARCH_GET_FS(0x1003, &(0x7f0000000980))
syz_emit_ethernet(0x5e, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd60122d9200283afffe880000000000000000000000000001ff0200000000000000000000000000018900909d733f25246b6503ff0000000000000001ff0000aafc020000000000000000000000000000012fe4e7f2ab7aa0bdd9f0bcdf1e77ed9bf01ee920d53a6a84356f63365602"], 0x0)
r1 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)
setsockopt$ax25_SO_BINDTODEVICE(0xffffffffffffffff, 0x101, 0x19, &(0x7f0000000000)=@rose={'rose', 0x0}, 0x10)
syz_usb_connect(0x0, 0x24, &(0x7f0000000280)=ANY=[@ANYBLOB="120100009cb5984071042903dadb000000010902120001000000000904"], 0x0)
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000000000000000000200000095"], &(0x7f00000003c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000002340)={&(0x7f0000002300)='ext4_ext_convert_to_initialized_enter\x00', r2}, 0x18)
r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/resume', 0x149282, 0x10)
write$cgroup_int(r3, &(0x7f0000000040)=0x7, 0x12)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x18, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
r5 = socket$kcm(0x10, 0x400000002, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="100000002d000b02d25a806f8c6394f9101a04000a7401", 0x17}], 0x1}, 0x0)
write$cgroup_subtree(r5, &(0x7f0000000040)=ANY=[@ANYBLOB="93430000520033d487277b9b108b4ab502", @ANYRES32, @ANYRES8=r5], 0x4394)
mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x190009, &(0x7f0000002500)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0xc000}, 0x2c, {}, 0x2c, {}, 0x2c, {[{@allow_other}, {@allow_other}, {@blksize={'blksize', 0x3d, 0x1800}}, {@max_read={'max_read', 0x3d, 0xd}}, {@allow_other}, {@default_permissions}]}})
read$FUSE(r4, &(0x7f0000000200)={0x2020, 0x0, <r6=>0x0}, 0x2020)
write$FUSE_INIT(r4, &(0x7f0000002480)={0x50, 0x0, r6, {0x7, 0x9, 0x1, 0x0, 0x0, 0x0, 0x400}}, 0x50)
ioctl$sock_netdev_private(r1, 0x8914, &(0x7f0000000000))

2.295145049s ago: executing program 2 (id=4172):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
socket$inet(0x2, 0x2, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000100)={0xa, 0x4e23, 0x2bf21a5e, @private2, 0xd}, 0x1c)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0xf, {[@main=@item_4={0x3, 0x0, 0x8, '\t\x00'}, @local=@item_4={0x3, 0x2, 0x0, "93bf0280"}, @main=@item_4={0x3, 0x0, 0xb, "7488dffc"}]}}, 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0)
ioctl$HIDIOCGUSAGE(r1, 0xc018480b, &(0x7f00000000c0)={0x80000003, 0xffffffff, 0x3, 0x9, 0x1, 0xfffffffb})
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="1400000010e7010000000000000000000000000a20000000000a03000000000000000000070000000c00044000000000000000021c000000090a010400000000000000000700000008000a4000000003"], 0x64}, 0x1, 0x0, 0x0, 0x4004001}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000500)={<r2=>0xffffffffffffffff})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0xfffffffffffffe47, &(0x7f0000000080)={&(0x7f0000000100)=@newlink={0x44, 0x10, 0x40d, 0x70bd25, 0x25ffdbfc, {0x0, 0x0, 0x0, 0x0, 0x10}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_HELLO_TIME={0x8, 0x2, 0x6}, @IFLA_BR_MCAST_QUERIER={0x5, 0x19, 0x84}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f0000000940)=[{{&(0x7f0000000580)=@pppol2tp={0x18, 0x1, {0x0, r3, {0x2, 0x4e24, @local}, 0x1, 0x2, 0x3, 0x2}}, 0x80, &(0x7f0000000780)=[{&(0x7f0000000600)="5a75be3faafcd80ee6fe0e4ea37a51bbbf2c0fbd3b140473c13bbbc9f3e3af50aba38030f0f94f42f1bf9905a65449237a62d783355f775eca4abf8a9a3ade94c376553b383bbd20a8098cb0cd0c166562a8ccc66f659ed862b923db4f7e70b95f95bae81e518483cbf00113200ceaecc30b832f8e834ea5b65f2e2a44c72ae0ec7e29b44cab3d5df92ca1ed262dd59ce9ded866", 0x94}, {&(0x7f00000006c0)="b1ccbd203e8a544d89e438061faf51913ba037e16b280e085a1554cac5576ee620144339af95f2ab50f2ef6bd6822304e001bd99ddfc3190076f80dfdd96430ff46972d1ebd8947e54fbef85a391f806f060dfbe1ed2d290302e0a29b2ddc2ca9ab09d17eb4bb7e7da485c3941e047a1cc58e272ec360e18853cc32dff9c36dfe45ff573a6eae35972ed173788e8", 0x8e}], 0x2, &(0x7f00000007c0)=[{0x98, 0x110, 0x10001, "4d39da08f00982bdcbbb4a8fd4ea46759c4b5558f023b413cf0b93d4fb3c9a92dbd3403b77748c4f62d5e6cd365289f5a4445c463aaf87917115ac966dd577dbfd1c3f118c8baeb1854d20a98d7d4839f50f9cb8b306e6874deedda662178555e35c6ed7c6ee5eb86e1b6cdb5a747a11b7edc9cf0e341355122b8363193af817668bdc8e"}, {0xd8, 0x109, 0x8, "5139e9b47564a98bb91f0761825a386d3bf4bdb932dc9cbadf78ce13e665fb8ad6f2ae3c1c32282b245277e4c8f915f8426bb1ed29d86c14fe5d936fa91075be88db442b81f2d3d23b84481435c576a6369457335d6e4e064352ff54f7a53523f62602314481d4e8f29917a42577139497812418541c172861a767b4cd1bf327b61f7368f4ce5a4a8e2587493766bf5882bec11dc38e284240ceaa56a0ee4aba7b448eb3e1263986c330c9b491a5f9450fc50aa8b71d81f5787b7421665739ed0568d44c"}], 0x170}}], 0x1, 0x0)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r4, 0x1fb4)
r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020200600000000000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000001c0)={r5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffdd, 0x0, 0x0, 0x7, 0x0, 0x8}, 0x19)
r6 = dup(r4)
setsockopt$IPT_SO_SET_REPLACE(r6, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0xe501, 0x3, 0x490, 0x320, 0x6affffff, 0x3403000b, 0x320, 0x7, 0x320, 0x230, 0x230, 0x3f8, 0x223, 0x3, 0x0, {[{{@ip={@remote, @local, 0x0, 0x0, 'veth1_macvtap\x00', 'veth1_to_team\x00', {}, {}, 0x6}, 0x0, 0x2d8, 0x320, 0x0, {0x1000000}, [@common=@unspec=@bpf0={{0x230}, {0x1, [{0x6}]}}, @common=@unspec=@time={{0x38}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}, {{@uncond, 0x0, 0x70, 0xd8}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'syz0\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x4f0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0xe, 0x0, &(0x7f0000000040)="000051524cb5005a54c40b7916a1", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x50)

2.195472015s ago: executing program 1 (id=4173):
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
bind$inet(r0, 0x0, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
bind$netlink(r1, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc)
r2 = socket$inet6(0xa, 0x80003, 0x6)
connect$inet6(r2, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_IPV6_XFRM_POLICY(r2, 0x29, 0x23, &(0x7f0000000340)={{{@in=@broadcast, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x4}, {0x0, 0x4, 0x0, 0xa78a}, 0xfffffffe, 0x0, 0x1}, {{@in=@private, 0x0, 0x33}, 0x0, @in=@rand_addr=0x64010101, 0x0, 0x3, 0x1, 0x7}}, 0xe8)
sendmmsg(r2, &(0x7f0000000480), 0x2e9, 0xf0)

2.195115923s ago: executing program 3 (id=4174):
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000300)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000540)="a00a6401c3e4fd44059b00302f884b11b526e61342c67e55680146eb09cb3d94fa61d6f7d626da792cc614b3bb6ace64a1ba0da000601195a7fca17afb4fb601f09929f0c5bb68751a10c784947fc1825ab6a91449fefcc680064ecf562f67e356e2cd04e8d9da338cf05bc0f72d3e18914b92a5a3070d8ac997722e76af874c9f7bcff9893218e1951991236b5f4e6404b99432e7d2a160ef851d645306b7bfabf3f4d501fc34982237843132039b762cd62f1677c72e554ac2a15b7a", 0xbd}, {0x0}], 0x2}}], 0x1, 0x11)
socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
io_uring_setup(0x1de1, &(0x7f00000002c0)={0x0, 0x43a3, 0x800, 0x2, 0x1ef})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{}, &(0x7f0000000400), 0x0}, 0x20)
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r0, 0x400448cb, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000002c0), 0x40040, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e0402030c"], 0x7)

1.789371468s ago: executing program 1 (id=4175):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
clock_gettime(0xfffffff2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER(r3, 0x0, 0x84)
r4 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x80, 0x0)
r5 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r5, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'ghash-generic\x00'}, 0x58)
r6 = accept4(r5, 0x0, 0x0, 0x0)
setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000000200)="ad56b6cc0400aeb995298992ea54", 0xe)
recvmmsg$unix(r6, &(0x7f0000004a80)=[{{0x0, 0x0, &(0x7f0000002b40)=[{&(0x7f0000002740)=""/188, 0xbc}, {0x0}, {0x0}, {0x0}, {&(0x7f0000002a40)=""/239, 0xef}], 0x5}}], 0x1, 0x20, 0x0)
sendmmsg$unix(r6, &(0x7f0000000680), 0x4924924924925c6, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r4, 0x3ba0, &(0x7f0000000100)={0x48})
r7 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r8=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r7, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000440)={0x50, 0x0, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}, @NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x185}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_WME={0x14, 0x81, [@NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x9}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0xa}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x24000000}, 0x4000004)

1.012398666s ago: executing program 3 (id=4176):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="18050000000000fe000000004b64ffec850000007d000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r3}, 0x18)
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000005c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='fd=', @ANYRESOCT=r4, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYRESDEC=0x0]) (fail_nth: 13)

787.70936ms ago: executing program 1 (id=4177):
socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
syz_emit_vhci(&(0x7f00000001c0)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0x1d}, @hci_evt_le_cis_established={{}, {0xc, 0xc8, "8976c3", "2c65ea", "e05ed4", "f4220e", 0x0, 0x4, 0x6, 0xf8, 0xff, 0x3, 0xff, 0x7, 0x0, 0x7}}}}, 0x20)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
syz_open_dev$vim2m(&(0x7f00000000c0), 0x7, 0x2)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000)=0x7, 0x4)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_int(r3, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10)
connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r3, 0x6, 0x16, &(0x7f0000000240)=[@mss, @sack_perm, @timestamp, @mss={0x2, 0x1}, @window, @window={0x3, 0x0, 0xfffc}, @timestamp, @timestamp], 0x8)
setsockopt$inet_tcp_TCP_CONGESTION(r3, 0x6, 0xd, &(0x7f0000000040)='nv\x00', 0x3)
setsockopt$inet_tcp_TCP_REPAIR(r3, 0x6, 0x13, &(0x7f00000001c0), 0xc7)
sendto$inet(r3, &(0x7f0000000000), 0xffffffffffffff94, 0x0, 0x0, 0x0)
r4 = creat(&(0x7f0000000100)='./file0\x00', 0x4)
ioctl$USBDEVFS_FORBID_SUSPEND(r4, 0x5521)
recvfrom$inet(r3, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0x700, 0x0, 0xfffffffffffffd25)
r5 = openat$cgroup_pressure(r4, &(0x7f0000000280)='memory.pressure\x00', 0x2, 0x0)
io_uring_register$IORING_REGISTER_FILES_UPDATE(r4, 0x6, &(0x7f0000000340)={0x80000001, 0x0, &(0x7f0000000300)=[r4, r3, r5, r1, r5]}, 0x5)

0s ago: executing program 3 (id=4178):
creat(&(0x7f0000000240)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="1500000065ffff048000000800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}})
chmod(&(0x7f0000000140)='./file0\x00', 0x0)
r3 = creat(&(0x7f0000000300)='./file0\x00', 0x0)
r4 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x62800)
mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x5, 0x12, r4, 0x0)
write$UHID_INPUT(r3, &(0x7f0000000540)={0x8, {"1a17924ab218eacb15a3fccf929e2dd2497903c1f853d95b995c65e99449ff953fa11c7723b2149ecdaa7f833f60e13b19a66e963f7e8da4297ebbfdda5b36fb4d01bd02e6c652dc4d99e2cb82c2a1d4a45e4c89ba9994e82f854bbc34a40b3a58aa256c9b4512fbf91b9846446c4909e4ec53982e7d7fd11ee0bdeab0bb4c469c9665dde8cb58f0ca148223b6cc4e2f306cfbeccedec8db5212f2fc4e14f836c68bdace4db1afbde9d463e5ac24567925b5fdf0e3af1a52dbd7669fe9227302c8f635bc2ddbf5bd7dccd7b92a9bd5c7363375a57851c2bc72509f2005f138f5a59cf85e9ddb1c972c89d50806e8941b7059cd3eca77527a7f20af70841b4d6f026614bdbb276a6814cc74d91856b968c5fdb52674d892a90d01ab91841b6811def78bdac9bc6f9df2598569fbdfef75079832b2750801dc83fd1987713c61136ac9e5f2f7e67f302109bb9a7fea75290b506a89a19d7e0e472937a8c9ecfe16ef6eb88c7a88a060756196d55d6a3d3f7cdf9915d22b6b3af69ec55017b821ec0621e8a59414efc2b46977a85846b53ae75a350947afcafbdef7233cc371bc2a6f29c0315b352ac2741c81df534303ddb30a4408db5679d05d245259c245c9d7f861711cc287cfd0462b948512623b921060386c587fd166df29e71ecfc8ed90031e95b2af1406b5ae73f6084e39e88194e3d37dc801982656b5b66342d74100f9f5b8c94c1e91b626bbf426a07b4be91dbdb76a6e40d0b788f89359e462e69bc4499fd4f9aa1e7f0c3f73a996b6ecef606c7651286e1f18a6823eed7191cd542057eaaf09aa32e8ce370c09050278b85fd359b8ca23e66e9d294ec57b3ddd90409d9b1ca28c6993b244f8ca46f6bf478ff22fb1df53e33abdda4b2b1e5cff7de19957bdc8e7ca39e4762204b1f9f33b9375b7282422b91841706751038e42023ba45c1cd0998c1794c1c2a5ff65466189bbb27bcbf01e5a48bfd8b6845f7d5c87d977df4ded5273ebf56b96c50b4eadc44bfaa0994259eeb1031644415fa9d729753d2138b06f9b7b624d9eeb1ef71dfdff0b639078f058c7a070451c4670af0c6eb1202f77be82faba9b6287995066b5f7e59b7967706d8d8c5bde48137e13df537ae54664fe4e8460b1bdf5b92a1dcf39ee1726bc6690d0ac5f799bcfab918c59cb132c45054ba17b8a44d505ad3eaeee95b4275b25b2087da8902552727a1e739014df348cfa3a1102661c35a6a38df6c410f5343577955dd57de5af089e3f1bcdf96d4ef1d5944243470b0ed10616144cccc5cac44e36fefd9441120c5d047867af0ea353da21fc0ae73b78b84d53a62efeb94ea8d441cc698c92fd7b36cf41472d036c5093bbdf943620c29ffa3b21ef4a0bb9274912b046834ee6f855ceadf18fb488040d5829ab6e8bf69a90315f7f84d002ac4e929e9f1010a8486746bd316799ba3a65744980c388202324ba50768c77a8481ba74d135da7507048c82714a8234837b69922126e4084a68f7418bfd26417cade786c7f8185e2492e3b64eb9d2c2c721504c7b4aeb383503f745fd69315c56b5b0158decd1b1606a63366b7e2d2b9124b6efca4480c703c8f37d6ddff55b0ec15f2ce6be6c902d06aec2ccabeba13b442b608076c33d19e690ab66cf6678d679758d22fb5d8d963f25d00c45576f8b2938543080297b9cb6c305e3131d2f412f00370c285251909f8ebefc3d18a23e25a183997b08251450b29fff32781e6a70e6e070ab3921f3f809392deb732d6f30cc034b5f77d41218bca86d515b16da0457dbf7aaefdcef9d5358e7b4f1e5d1a410f55449e765609d122f938fd57b71482244dff0523067cabfd322fc47aca1c331112e3d969f5fe3594c3c7adea7c36e9b9af6754cdea5ccf05b139f783d4b24540c50a6a9f7dff472d47c87c151d8439b5740cd1f423335dae2680050bd44766159cba66666b7dbc9e190130494327a0d8c9dbed5c8b831ce2b2bb236353ff7175a48b61a0f3209fa3db44f07a21a485ef1682a33cdf632ac2d6ca993b6cd90913e31704bb851711e1f2b5ebb19baaba102dd42d550933e9dfc17311665fef4d0206d7debbcbbd97efafffb905bf9a77b8eeb67d5f8bef8526f6f8607672bb3c50b14e16c264265594e05fa481f724290abdc9f60a899f26033236e3b90548c24288a7b627b51c4d7c638c359ec6325b0d79e1d69cf18cd9136a263b6aa84ad062b9831fc7c201b7ccec7d3b7ea2132ee4579632bf614bcde285527c36ef8a8e12651ef34a677a8d2f84360afa2f2245e4e0d61a12e8e446045fae61375082f983363795f11848edad24b3f7ae53f0eeb329fa62b6d7b446e3b2c1257981f9c0c3ea371c71021af834a285203b2e3177ddf5251044ea215c048f78701dec36a94ca3c435278d1fd889996adf5ea7c8db62f2b1331bc22c4b7798d587a5c4e619b7b576e19d92996bc0bdc0c8c15374e11b6eeda0e18b35aac4b96db9cdba025080bf5bea4ffdf4fa3c93ec5feede0a140f7f6727ef255783565935d59d348aaa6d12c060afd5f6d084346309d8cbf54b33050ecccf30ae083c4034165880214a94a5296427e2fcb6d90692a82212b6b8d86c6d163f0643944aaba4af1171aed463994f1374e1ec1654b89b04e9d635074e8d131bc2443daf1caad455671470329a287f4c711cb907403d5c05184cd3a647823b5b9c6dc4451fdde92dc1cb87010197026458b40d4809ab60aca1af6bb3702a3e0506cdd21faa6d9909f4ed74723de75fc48d44314fa3cc0c8e8ea226ec1d5875b9595aeacdff0a9f75b4a60dde781c58179f997ecb6479c91ecacc65bfe293a2d26c21ae7c1d7be1241cc1c4ea86a6cf8d93012bd98508aae8db723ff167026298cab227b7d0062c27ccc8e81df7268423ad063638760b44e77147ee9bd84140166ae2bfd592f845ca68c719f7520ae3c9988cc89db73bf93ad6f2f7d9394b2288f0176723acd167081ade4e066a26832f7b655cd874aa5026a7369bb9912c90599d1407f0488a9c540a31997890f5433bd1df91ba13a9e0721c9a707eac7cff1c3efef6cd716779c7ad631c3560caa2031d9d2591329c1867d0d5f96b5897cac2c6a381f0ce5c27969c2b3e7d188e1e896d815b01a3e177933817325953140272ad718a36ae522d43de109ba92255ee66d2a14897f2b2014dc9a495c108727e0eef54df617e269e43a0c48d28a91aaf14d58719e21ea39c1c534e39a1dfabb61377b55d2f69fe79c7d5111b8b952c388925ea8ab1503ae68bce95a34a10a85aa0e5da52add14b93eaac5861a6504e23dda8034e809253c1071ddda934663faac454cd378c5725f5c6f4d943779994357185e512a4b6993156e624f25d86d24e7254d3e9b231aa80ed5a32e108cb528d402f93e58c25ac937420ff7dcd7d9ec2126c7fe7cefa47c038f23de40523d5e026fe3bb4cfd3040f9bd9631cf5a2cde1e20a6032703cd64c2ad97ea95d05a7aa3ea3b3b9d5a86961116dd1338c0a2caae0ceab3178ac7736dfa8a949cd81d261748e6678cb730b57468fb2b7e22c5eb08ad496e76775dce0c31950a596580ad7d6c3fd9ce90dded340f20b77fe53e81fb6e2a7a6c450b8ac9009c7c077893f704457a90401fb758c0769fbfd38e40ae692e410b889bbf0b09a32dc731b6768c0fa3963a5b6279b6a5db611174339f3218fff567f6cfb7377ddc8e2c730da35cc3ec680a6bc95010dd03834caab7afb2c0023ad9ce3aae3c0fd1ece42ea840bf5fc798a0b5fbe7692f13549cdba4a0b68f722ef6877856a76fc3c39f7cfd760675a9f341d9f09f381972be9171e50455ed13e665e61a03b0c2a79276a871c25fc5c486639a71a8dfdf36174373b8995014752aba3026045be6b43074ac3824d687bbf5f6544228cea52791828f54980ee9f728534ea32edd205aaace717adcf61ce28f92719048d44b09812bcfd2d22cc9d7a45ed6b4634756f6b3189908c71728c373ea94aa5c74ce4a73c20138b8cb21db6e2dfb35329b86b1805a5208dd370b8342ca8aa3cbd3e7a3ec79d7b8ee677b04e19c524ddc6de0b22443ac15de908f61719399d0f9890ca2b0283a7db914944f424af10ba0ec9e3e253c060d7b28552eaae5eed1e906f8f93c2195293deabdad6cb38ddab51603e4a96ef1e086de911fb716ffbca467294d9e66e5d0f8225bc28d6c074c4ffba76706f61b0b386b7e4b6500a15fad291f34f6c84f1596a97512f31196a529a7a5725437c038e17d531da3838c8aef3bade6bc1d4c7624560d4fba72e5f8be2c5dc905e1e4bcb2aa7eddb275408ef4288ac69c7a18ae58fb26c2f5a6964f051b81d2e426fc2a5d8617050341b96d5a746e3419fbe94bd3752403868b655c2dba6f48ef109a2e6ec0041842fae52bfab70481ecfe8d27f3d5e444f1b941d871c8057cbe35df68665bc3aadea02d203b106d1179a428daa7d9fea9dbddd8955bb289a92ec790de74cd6a1edf925ab85471633dedf8ba46abe456963a2381addce2aa16c06dd80bb54d8e53d7c82607916af175061da29122afde8687add6b6f42233b76a1164893dcc1ec3dcf935576d2d0f3ab3b1adbace086da915234b4f9bad0afc2915608fc4f6611dc3b91d7e0e48cb0a0f3fdc70ef70ef82043afbd3325f0f6186390ab28ca9f0009184637530d79f0c5a77c6e912afbe6533988f543fc6c02d3d44fbdb0e2ebfad2680184f1ed451991667df958a71fb41cf4367bdb931389ea8b6340e225b312a09dadd8e2ac2d200db6e75323d48c73c6b819e13f92b01bf405e796a2e10b863e773598abcbcc196987e18b19530337809b56480778207103a12acfff1c0ad62846088251a1a0d0d6b300059a99698c84ccac78d53eb32e3984001978db7679960b4d75d71b49696909826c66320526fe02a060265821d15b8b2337121a201402a118ec03ff0d4f3dfa48f2dadd20b510ecdf4e6440b5b2466b9bf28e32327189f0405245694a6371dbe4eae7a8293cdc15193c284123d64690120634f808096a8f3f7a04a5bac9dd86c09f2e4e87c7d7c98d0b370e84ea5f265730f5480eb1375d4f82c7d4efbb6e58c5a92848331b2becd2531f6c456b5d0e690b102dd8faec55bde56f95727f4abf52c58543faaeb9cefd39bba788bd7e2b02b27ecbc1679a1ac00823c83e1ae29690cd25544d3ae0a8db25e963e9fb5bd94987637ac3546b9b312bf04d5c6211c135e806525d423fde9ccb5ef7962ec1e056e6f29adaeebb331f6c234586d1fe21577f56d620c6942a29d4915772144cc60008d1236db21100d5a3112c29396b9e18cdb5b104bed2df2b6ea72c9aa03bb6082f3eb07f0eae359864967a749492d21005b0d39c9613c20b1e21700ab66a4f5ca03ec08d67b95f759252d758743820ba243032e1708447fbaebc27e1316af4cf547cef3ac4966a1f04dd07012f257a0204107c23a0046b12493d9784b24dc561c1f88e591056bcc3b338ab1de65e5ad578021f26f93e9b12f00b5f8c8ae2db6b7b8f254303c7ff06514735974e65fb9a93dc79b115a12310040490ca11ef315340af104e20a2e22dcd132f7d7a61d9d3a12e832ee048a2170dbe03d747ed7402180eb964fde0ecb77e778b18a4e5a83479bb7e0ea0a7d5145ffed4607bd7e6b8f961625d5e3dcac2d4a05e71dc9c2e52195bd55aed4e6749dc1c329e2cda966d18e9bf882c05db627c1047fc71533bbba2c8a83d04db5bad6da349a9ad1992eb88e0274d32a16137e2396ad973c0ecbbc2d243e68b6959bf9b", 0x1000}}, 0x1006) (fail_nth: 10)

kernel console output (not intermixed with test programs):

48.295897][T18451] wg2: left promiscuous mode
[  948.305830][T18451] wg2: left allmulticast mode
[  948.340693][T18451] wg2: entered promiscuous mode
[  948.353297][T18451] wg2: entered allmulticast mode
[  948.628951][T18459] FAULT_INJECTION: forcing a failure.
[  948.628951][T18459] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  948.858596][T18459] CPU: 0 UID: 0 PID: 18459 Comm: syz.5.3460 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  948.858623][T18459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  948.858633][T18459] Call Trace:
[  948.858639][T18459]  <TASK>
[  948.858646][T18459]  dump_stack_lvl+0x16c/0x1f0
[  948.858672][T18459]  should_fail_ex+0x512/0x640
[  948.858696][T18459]  _copy_from_user+0x2e/0xd0
[  948.858721][T18459]  ppp_set_compress+0x10e/0x6e0
[  948.858740][T18459]  ? __pfx_ppp_set_compress+0x10/0x10
[  948.858765][T18459]  ppp_ioctl+0x1897/0x2660
[  948.858786][T18459]  ? __pfx_ppp_ioctl+0x10/0x10
[  948.858811][T18459]  ? selinux_file_ioctl+0xb4/0x270
[  948.858838][T18459]  ? __pfx_ppp_ioctl+0x10/0x10
[  948.858856][T18459]  __x64_sys_ioctl+0x190/0x200
[  948.858880][T18459]  do_syscall_64+0xcd/0x260
[  948.858903][T18459]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  948.858920][T18459] RIP: 0033:0x7f4a1bd8e969
[  948.858934][T18459] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  948.858951][T18459] RSP: 002b:00007f4a1cbc4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  948.858967][T18459] RAX: ffffffffffffffda RBX: 00007f4a1bfb5fa0 RCX: 00007f4a1bd8e969
[  948.858978][T18459] RDX: 0000200000000180 RSI: 000000004010744d RDI: 0000000000000003
[  948.858988][T18459] RBP: 00007f4a1cbc4090 R08: 0000000000000000 R09: 0000000000000000
[  948.858998][T18459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  948.859007][T18459] R13: 0000000000000000 R14: 00007f4a1bfb5fa0 R15: 00007fff3d008e78
[  948.859031][T18459]  </TASK>
[  949.196727][T18461] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3464'.
[  949.205837][T18461] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3464'.
[  949.372823][   T30] audit: type=1400 audit(2000000110.040:1016): avc:  denied  { bind } for  pid=18476 comm="syz.1.3468" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1
[  949.392416][    C1] vkms_vblank_simulate: vblank timer overrun
[  949.477953][T18482] overlayfs: option "workdir=./file1" is useless in a non-upper mount, ignore
[  949.487004][T18482] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off.
[  949.499072][T18482] overlayfs: missing 'lowerdir'
[  950.510671][T18489] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3470'.
[  950.529632][T18489] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3470'.
[  950.628092][T18503] fuse: Unknown parameter '0000000000000000000400000000000000000003[7'"`4e'
[  950.640581][ T5858] usb 5-1: new high-speed USB device number 67 using dummy_hcd
[  950.915606][ T5858] usb 5-1: config 2 has an invalid interface number: 177 but max is 1
[  950.924666][ T5858] usb 5-1: config 2 has an invalid interface number: 177 but max is 1
[  951.199436][ T5858] usb 5-1: config 2 has 1 interface, different from the descriptor's value: 2
[  951.239035][T18518] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1024 sclass=netlink_route_socket pid=18518 comm=syz.1.3480
[  951.257735][T18518] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  951.266633][T18518] overlayfs: missing 'lowerdir'
[  951.272336][ T5858] usb 5-1: config 2 has no interface number 0
[  951.429894][ T5858] usb 5-1: config 2 interface 177 has no altsetting 1
[  951.441567][ T5858] usb 5-1: New USB device found, idVendor=1199, idProduct=0301, bcdDevice=1a.dd
[  951.452626][ T5858] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  951.461058][ T5858] usb 5-1: Product: syz
[  951.477281][ T5858] usb 5-1: Manufacturer: syz
[  951.481996][ T5858] usb 5-1: SerialNumber: syz
[  951.514461][   T30] audit: type=1400 audit(2000000112.190:1017): avc:  denied  { unmount } for  pid=17143 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1
[  951.810712][   T30] audit: type=1400 audit(2000000112.430:1018): avc:  denied  { create } for  pid=18493 comm="syz.4.3473" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  951.830339][ T5858] usb 5-1: selecting invalid altsetting 1
[  951.830379][ T5858] sierra 5-1:2.177: Sierra USB modem converter detected
[  952.268603][ T5858] usb 5-1: Sierra USB modem converter now attached to ttyUSB0
[  952.281125][   T30] audit: type=1400 audit(2000000112.430:1019): avc:  denied  { ioctl } for  pid=18493 comm="syz.4.3473" path="socket:[58444]" dev="sockfs" ino=58444 ioctlcmd=0x890b scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rose_socket permissive=1
[  952.328527][ T5858] usb 5-1: USB disconnect, device number 67
[  952.343492][ T5858] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0
[  952.354210][ T5858] sierra 5-1:2.177: device disconnected
[  952.452545][T18534] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3483'.
[  952.462790][T18534] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3483'.
[  952.577504][T18541] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  953.046459][T18545] FAULT_INJECTION: forcing a failure.
[  953.046459][T18545] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  953.243975][T18545] CPU: 1 UID: 0 PID: 18545 Comm: syz.3.3488 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[  953.244003][T18545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[  953.244013][T18545] Call Trace:
[  953.244019][T18545]  <TASK>
[  953.244026][T18545]  dump_stack_lvl+0x16c/0x1f0
[  953.244053][T18545]  should_fail_ex+0x512/0x640
[  953.244076][T18545]  _copy_from_iter+0x2a4/0x15b0
[  953.244099][T18545]  ? __alloc_skb+0x200/0x380
[  953.244122][T18545]  ? __pfx__copy_from_iter+0x10/0x10
[  953.244145][T18545]  ? __pfx_netlink_autobind.isra.0+0x10/0x10
[  953.244171][T18545]  netlink_sendmsg+0x829/0xdd0
[  953.244191][T18545]  ? __pfx_netlink_sendmsg+0x10/0x10
[  953.244218][T18545]  ____sys_sendmsg+0xa95/0xc70
[  953.244240][T18545]  ? copy_msghdr_from_user+0x10a/0x160
[  953.244255][T18545]  ? __pfx_____sys_sendmsg+0x10/0x10
[  953.244286][T18545]  ___sys_sendmsg+0x134/0x1d0
[  953.244304][T18545]  ? __pfx____sys_sendmsg+0x10/0x10
[  953.244344][T18545]  __sys_sendmsg+0x16d/0x220
[  953.244358][T18545]  ? __pfx___sys_sendmsg+0x10/0x10
[  953.244380][T18545]  ? rcu_is_watching+0x12/0xc0
[  953.244405][T18545]  do_syscall_64+0xcd/0x260
[  953.244426][T18545]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  953.244442][T18545] RIP: 0033:0x7fb4fcf8e969
[  953.244455][T18545] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  953.244472][T18545] RSP: 002b:00007fb4fde8a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  953.244488][T18545] RAX: ffffffffffffffda RBX: 00007fb4fd1b5fa0 RCX: 00007fb4fcf8e969
[  953.244499][T18545] RDX: 0000000000000000 RSI: 000020000000c2c0 RDI: 0000000000000003
[  953.244508][T18545] RBP: 00007fb4fde8a090 R08: 0000000000000000 R09: 0000000000000000
[  953.244518][T18545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  953.244527][T18545] R13: 0000000000000000 R14: 00007fb4fd1b5fa0 R15: 00007ffea3a39288
[  953.244549][T18545]  </TASK>
[  954.091781][T18558] overlayfs: failed to create directory ./file0/work (errno: 22); mounting read-only
[  955.011002][T18575] SELinux: syz.4.3498 (18575) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  955.389487][T18583] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  955.721239][ T5940] usb 3-1: new high-speed USB device number 62 using dummy_hcd
[  955.853967][  T971] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  955.965485][ T5940] usb 3-1: unable to get BOS descriptor or descriptor too short
[  956.171421][ T5940] usb 3-1: too many endpoints for config 1 interface 1 altsetting 0: 131, using maximum allowed: 30
[  956.188935][ T5940] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 131
[  956.293401][ T5940] usb 3-1: config 1 interface 2 has no altsetting 0
[  956.303140][ T5940] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  956.313130][ T5940] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  956.323890][ T5940] usb 3-1: Product: syz
[  956.324222][  T971] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0
[  956.338479][ T5940] usb 3-1: Manufacturer: syz
[  956.848284][  T971] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0
[  956.860734][ T5940] usb 3-1: SerialNumber: syz
[  956.869313][  T971] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  956.881721][  T971] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0
[  956.900209][  T971] usb 6-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00
[  956.909645][  T971] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  956.918009][  T971] usb 6-1: Product: syz
[  956.923282][  T971] usb 6-1: Manufacturer: syz
[  956.929533][  T971] usb 6-1: SerialNumber: syz
[  956.947654][  T971] usb 6-1: config 0 descriptor??
[  956.960173][  T971] ums-isd200 6-1:0.0: USB Mass Storage device detected
[  957.100351][   T30] audit: type=1400 audit(2000000117.780:1020): avc:  denied  { map } for  pid=18576 comm="syz.2.3500" path="socket:[58562]" dev="sockfs" ino=58562 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1
[  957.130335][ T5940] usb 3-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  957.265959][T18582] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3502'.
[  957.283136][ T5940] usb 3-1: selecting invalid altsetting 0
[  957.347144][T18601] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3505'.
[  957.356958][T18601] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3505'.
[  957.373815][T18582] bridge: RTM_NEWNEIGH with invalid ether address
[  957.515578][T18582] sp0: Synchronizing with TNC
[  957.581238][ T5940] usb 3-1: USB disconnect, device number 62
[  957.629685][T18603] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3502'.
[  957.699332][T18603] bridge: RTM_NEWNEIGH with invalid ether address
[  957.842098][  T971] scsi host1: usb-storage 6-1:0.0
[  957.903967][  T971] usb 6-1: USB disconnect, device number 13
[  958.752298][T18630] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  959.450766][T18635] wg2: left promiscuous mode
[  959.457655][T18635] wg2: left allmulticast mode
[  959.479023][T18635] wg2: entered promiscuous mode
[  959.488064][T18635] wg2: entered allmulticast mode
[  961.523833][ T5858] usb 3-1: new high-speed USB device number 63 using dummy_hcd
[  961.707941][ T5858] usb 3-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  961.718578][ T5858] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  961.754835][ T5858] usb 3-1: config 0 descriptor??
[  962.046795][ T5858] usbhid 3-1:0.0: can't add hid device: -71
[  962.073536][ T5858] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  962.146589][ T5858] usb 3-1: USB disconnect, device number 63
[  962.203929][T18681] wg2: left promiscuous mode
[  962.208584][T18681] wg2: left allmulticast mode
[  962.296847][T18681] wg2: entered promiscuous mode
[  962.301751][T18681] wg2: entered allmulticast mode
[  963.188376][T18699] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=10498 sclass=netlink_route_socket pid=18699 comm=syz.4.3532
[  964.122984][T12355] Bluetooth: hci3: command 0x0406 tx timeout
[  964.312976][   T30] audit: type=1400 audit(2000000124.990:1021): avc:  denied  { map } for  pid=18709 comm="syz.5.3536" path="socket:[58796]" dev="sockfs" ino=58796 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  964.484198][   T30] audit: type=1400 audit(2000000124.990:1022): avc:  denied  { read accept } for  pid=18709 comm="syz.5.3536" path="socket:[58796]" dev="sockfs" ino=58796 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ax25_socket permissive=1
[  964.508121][    C0] vkms_vblank_simulate: vblank timer overrun
[  964.637590][   T30] audit: type=1400 audit(2000000125.310:1023): avc:  denied  { write } for  pid=18709 comm="syz.5.3536" path="socket:[58865]" dev="sockfs" ino=58865 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  964.661058][    C0] vkms_vblank_simulate: vblank timer overrun
[  966.227389][   T30] audit: type=1400 audit(2000000126.910:1024): avc:  denied  { read write } for  pid=18716 comm="syz.3.3540" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  966.459560][   T30] audit: type=1400 audit(2000000126.940:1025): avc:  denied  { open } for  pid=18716 comm="syz.3.3540" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1
[  966.954564][   T30] audit: type=1400 audit(2000000127.610:1026): avc:  denied  { watch_sb watch_reads } for  pid=18731 comm="syz.1.3544" path="/127/file0" dev="tmpfs" ino=702 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1
[  967.590691][T18732] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[  968.254260][  T971] usb 5-1: new high-speed USB device number 68 using dummy_hcd
[  968.587776][  T971] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  968.617473][  T971] usb 5-1: config 0 has no interfaces?
[  968.623056][  T971] usb 5-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  968.653878][  T971] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  968.685083][  T971] usb 5-1: config 0 descriptor??
[  968.712523][   T30] audit: type=1400 audit(2000000129.380:1027): avc:  denied  { create } for  pid=18753 comm="syz.1.3550" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  968.844666][   T30] audit: type=1400 audit(2000000129.390:1028): avc:  denied  { write } for  pid=18753 comm="syz.1.3550" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  968.904132][   T30] audit: type=1400 audit(2000000129.390:1029): avc:  denied  { connect } for  pid=18753 comm="syz.1.3550" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1
[  968.971718][    T9] usb 5-1: USB disconnect, device number 68
[  969.996351][   T30] audit: type=1400 audit(2000000130.680:1030): avc:  denied  { connect } for  pid=18765 comm="syz.2.3552" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  970.024403][T18752] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3548'.
[  970.061599][   T30] audit: type=1400 audit(2000000130.700:1031): avc:  denied  { bind } for  pid=18765 comm="syz.2.3552" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  970.097269][T18764] wg2: left promiscuous mode
[  970.109160][   T30] audit: type=1400 audit(2000000130.700:1032): avc:  denied  { write } for  pid=18765 comm="syz.2.3552" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rds_socket permissive=1
[  970.113740][T18764] wg2: left allmulticast mode
[  970.333483][T18767] wg2: entered promiscuous mode
[  970.342988][T18767] wg2: entered allmulticast mode
[  971.953274][T18794] SELinux: syz.2.3560 (18794) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  974.210541][T12355] Bluetooth: hci1: command 0x0406 tx timeout
[  975.532165][   T30] audit: type=1400 audit(2000000136.210:1033): avc:  denied  { map } for  pid=18827 comm="syz.3.3562" path="/proc/235/ns" dev="proc" ino=59898 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dir permissive=1
[  977.963391][T18854] netlink: 300 bytes leftover after parsing attributes in process `syz.1.3575'.
[  978.728989][T18859] SELinux: syz.4.3574 (18859) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  978.993993][T18861] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3576'.
[  979.010171][T18861] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3576'.
[  979.694547][T18871] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=10498 sclass=netlink_route_socket pid=18871 comm=syz.4.3577
[  980.003762][ T5858] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  980.163791][ T5858] usb 6-1: Using ep0 maxpacket: 16
[  980.175075][ T5858] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  980.186755][ T5858] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  980.229010][ T5858] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  980.250167][ T5858] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  980.341791][ T5858] usb 6-1: Product: syz
[  980.353540][ T5858] usb 6-1: Manufacturer: syz
[  980.368140][ T5858] usb 6-1: SerialNumber: syz
[  980.383134][ T5858] usb 6-1: config 0 descriptor??
[  980.407941][ T5858] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  980.706788][ T5858] em28xx 6-1:0.0: Audio interface 0 found (Vendor Class)
[  981.123103][ T5858] em28xx 6-1:0.0: unknown em28xx chip ID (0)
[  981.130735][ T5858] em28xx 6-1:0.0: Config register raw data: 0xfffffffb
[  981.355459][ T5858] em28xx 6-1:0.0: AC97 chip type couldn't be determined
[  981.363304][ T5858] em28xx 6-1:0.0: No AC97 audio processor
[  981.457346][T18869] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3578'.
[  982.570318][ T5940] usb 6-1: USB disconnect, device number 14
[  982.592041][ T5940] em28xx 6-1:0.0: Disconnecting em28xx
[  982.612104][ T5940] em28xx 6-1:0.0: Freeing device
[  982.936880][T18904] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  985.205197][   T30] audit: type=1400 audit(2000000145.890:1034): avc:  denied  { create } for  pid=18929 comm="syz.4.3593" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=atmsvc_socket permissive=1
[  985.772756][T18937] SELinux: syz.3.3595 (18937) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  986.030110][T18941] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3596'.
[  986.311555][T18951] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3597'.
[  986.338881][T18951] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3597'.
[  986.454154][  T971] usb 3-1: new high-speed USB device number 64 using dummy_hcd
[  986.658511][  T971] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  986.678308][  T971] usb 3-1: config 0 has no interfaces?
[  986.691101][  T971] usb 3-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  986.710906][  T971] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  986.723611][  T971] usb 3-1: config 0 descriptor??
[  987.118640][   T10] usb 3-1: USB disconnect, device number 64
[  987.637700][T18970] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3606'.
[  987.647236][T18970] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3606'.
[  988.013937][T18982] netlink: 300 bytes leftover after parsing attributes in process `syz.1.3605'.
[  988.674217][   T10] usb 3-1: new high-speed USB device number 65 using dummy_hcd
[  988.827647][   T10] usb 3-1: config index 0 descriptor too short (expected 19, got 18)
[  988.851300][   T10] usb 3-1: config 15 has an invalid interface number: 207 but max is 0
[  988.903478][   T10] usb 3-1: config 15 has no interface number 0
[  988.932741][T18994] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  988.958647][   T10] usb 3-1: New USB device found, idVendor=1397, idProduct=00bd, bcdDevice=2f.e5
[  988.977109][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  988.990047][   T10] usb 3-1: Product: syz
[  988.999005][   T10] usb 3-1: Manufacturer: syz
[  989.022433][   T10] usb 3-1: SerialNumber: syz
[  989.166058][   T10] usb 3-1: invalid MIDI EP
[  989.214145][   T10] usb 3-1: snd-bcd2000: error during probing
[  989.261118][   T10] snd-bcd2000 3-1:15.207: probe with driver snd-bcd2000 failed with error -22
[  990.285834][T19007] SELinux: syz.4.3615 (19007) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  990.564352][T19008] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3613'.
[  990.823153][T19011] SELinux: syz.4.3616 (19011) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  991.190462][T19019] SELinux: syz.5.3618 (19019) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  991.374085][T11199] usb 3-1: USB disconnect, device number 65
[  991.464144][ T5861] usb 5-1: new high-speed USB device number 69 using dummy_hcd
[  991.616278][ T5861] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  991.689334][ T5861] usb 5-1: config 0 has no interfaces?
[  991.725912][ T5861] usb 5-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  991.767239][ T5861] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  991.805279][ T5861] usb 5-1: config 0 descriptor??
[  991.970601][T19014] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3617'.
[  992.103740][ T5861] usb 5-1: USB disconnect, device number 69
[  992.233777][ T5862] usb 3-1: new high-speed USB device number 66 using dummy_hcd
[  992.382557][   T30] audit: type=1400 audit(2000000153.060:1035): avc:  denied  { setopt } for  pid=19029 comm="syz.1.3623" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=phonet_socket permissive=1
[  992.415022][ T5862] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  992.449339][ T5862] usb 3-1: config 0 has no interfaces?
[  992.466964][ T5862] usb 3-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  992.492664][ T5862] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  992.521512][ T5862] usb 3-1: config 0 descriptor??
[  992.609258][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  992.615712][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  992.783618][   T30] audit: type=1326 audit(2000000153.280:1036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19035 comm="syz.1.3626" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f27bff8e969 code=0x0
[  993.002320][   T30] audit: type=1400 audit(2000000153.440:1037): avc:  denied  { read write } for  pid=19039 comm="syz.3.3627" name="mouse0" dev="devtmpfs" ino=977 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  993.028931][ T5858] usb 3-1: USB disconnect, device number 66
[  993.595158][   T30] audit: type=1400 audit(2000000153.440:1038): avc:  denied  { open } for  pid=19039 comm="syz.3.3627" path="/dev/input/mouse0" dev="devtmpfs" ino=977 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1
[  994.672022][T19062] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  994.839718][T19065] SELinux: syz.2.3634 (19065) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[  994.955554][T19064] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3630'.
[  995.352843][T19068] IPVS: ip_vs_edit_dest(): lower threshold is higher than upper threshold
[  996.886768][   T30] audit: type=1400 audit(2000000157.570:1039): avc:  denied  { listen } for  pid=19079 comm="syz.4.3633" lport=45170 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  996.963947][   T30] audit: type=1400 audit(2000000157.570:1040): avc:  denied  { accept } for  pid=19079 comm="syz.4.3633" lport=45170 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=sctp_socket permissive=1
[  997.111611][ T5858] usb 4-1: new high-speed USB device number 98 using dummy_hcd
[  997.774311][ T5858] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  997.798870][ T5858] usb 4-1: config 0 has no interfaces?
[  997.890832][ T5858] usb 4-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  997.930671][ T5858] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  997.955850][ T5858] usb 4-1: config 0 descriptor??
[  997.958900][T19098] tipc: Started in network mode
[  997.966106][   T30] audit: type=1400 audit(2000000158.630:1041): avc:  denied  { create } for  pid=19096 comm="syz.4.3641" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1
[  998.003826][T19098] tipc: Node identity 4, cluster identity 4711
[  998.023903][T19098] tipc: Node number set to 4
[  998.365841][   T10] usb 4-1: USB disconnect, device number 98
[  999.893462][T19121] SELinux: syz.3.3649 (19121) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[ 1000.019537][T19123] wg2: left promiscuous mode
[ 1000.024404][T19123] wg2: left allmulticast mode
[ 1000.042360][T19104] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3643'.
[ 1000.110879][T19124] wg2: entered promiscuous mode
[ 1000.137085][T19124] wg2: entered allmulticast mode
[ 1000.460345][T19127] wg2: left promiscuous mode
[ 1000.503803][T19127] wg2: left allmulticast mode
[ 1000.540869][T19130] wg2: entered promiscuous mode
[ 1000.545958][T19130] wg2: entered allmulticast mode
[ 1000.746020][    C0] vcan0: j1939_tp_rxtimer: 0xffff88807b1bd000: rx timeout, send abort
[ 1001.254785][    C0] vcan0: j1939_tp_rxtimer: 0xffff88807b1be400: rx timeout, send abort
[ 1001.263105][    C0] vcan0: j1939_tp_rxtimer: 0xffff88807b1bd000: abort rx timeout. Force session deactivation
[ 1001.746209][    C0] vcan0: j1939_tp_rxtimer: 0xffff88807b1bd800: rx timeout, send abort
[ 1001.760529][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88807b1bd800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[ 1001.777479][    C0] vcan0: j1939_tp_rxtimer: 0xffff88807b1be400: abort rx timeout. Force session deactivation
[ 1001.888620][T19134] SELinux: syz.3.3654 (19134) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[ 1002.932895][T19159] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3648'.
[ 1003.574270][ T5862] usb 5-1: new high-speed USB device number 70 using dummy_hcd
[ 1003.669092][T19141] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[ 1003.736422][ T5862] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1003.755715][ T5862] usb 5-1: config 0 has no interfaces?
[ 1003.771477][ T5862] usb 5-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[ 1003.789647][ T5862] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1003.807907][ T5862] usb 5-1: config 0 descriptor??
[ 1003.841646][T19172] SELinux: syz.5.3664 (19172) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[ 1004.048426][ T5862] usb 5-1: USB disconnect, device number 70
[ 1004.949465][T19188] SELinux: syz.4.3666 (19188) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[ 1005.636675][T19200] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3671'.
[ 1007.754848][T19221] tmpfs: Group quota inode hardlimit too large.
[ 1007.928126][   T30] audit: type=1400 audit(2000000168.610:1042): avc:  denied  { create } for  pid=19228 comm="syz.3.3679" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[ 1007.965502][T19229] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3679'.
[ 1008.026550][   T30] audit: type=1400 audit(2000000168.650:1043): avc:  denied  { write } for  pid=19228 comm="syz.3.3679" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_rdma_socket permissive=1
[ 1008.093935][T19231] wg2: left promiscuous mode
[ 1008.098691][T19231] wg2: left allmulticast mode
[ 1008.104754][T11199] IPVS: starting estimator thread 0...
[ 1008.111321][   T30] audit: type=1400 audit(2000000168.680:1044): avc:  denied  { create } for  pid=19228 comm="syz.3.3679" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[ 1008.136653][   T30] audit: type=1400 audit(2000000168.680:1045): avc:  denied  { read } for  pid=19228 comm="syz.3.3679" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=kcm_socket permissive=1
[ 1008.188311][T19231] wg2: entered promiscuous mode
[ 1008.264051][T19227] IPVS: using max 37 ests per chain, 88800 per kthread
[ 1008.324384][T19231] wg2: entered allmulticast mode
[ 1008.356525][T19226] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=10498 sclass=netlink_route_socket pid=19226 comm=syz.1.3678
[ 1008.418762][T19236] SELinux: syz.4.3681 (19236) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[ 1009.046082][T19243] SELinux: syz.5.3683 (19243) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[ 1011.026856][T19273] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3689'.
[ 1011.077647][T19273] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3689'.
[ 1012.413390][T19290] SELinux: syz.2.3695 (19290) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[ 1012.464120][   T30] audit: type=1400 audit(2000000173.140:1046): avc:  denied  { write } for  pid=19292 comm="syz.5.3697" name="msr" dev="devtmpfs" ino=87 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cpu_device_t tclass=chr_file permissive=1
[ 1012.508898][T19294] netdevsim netdevsim5 netdevsim0: entered promiscuous mode
[ 1012.556184][T19285] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=10498 sclass=netlink_route_socket pid=19285 comm=syz.3.3692
[ 1012.725758][   T30] audit: type=1400 audit(2000000173.410:1047): avc:  denied  { mount } for  pid=19292 comm="syz.5.3697" name="/" dev="rpc_pipefs" ino=61157 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1
[ 1012.815604][T19295] Invalid ELF header magic: != ELF
[ 1013.027378][   T30] audit: type=1400 audit(2000000173.480:1048): avc:  denied  { unmount } for  pid=14230 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:rpc_pipefs_t tclass=filesystem permissive=1
[ 1013.195763][T19311] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3701'.
[ 1013.296119][T19311] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3701'.
[ 1013.489335][   T13] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1013.904153][T19319] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3706'.
[ 1014.287234][T19319] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1014.296035][T19319] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1014.299487][T19316] FAULT_INJECTION: forcing a failure.
[ 1014.299487][T19316] name failslab, interval 1, probability 0, space 0, times 0
[ 1014.315916][T19316] CPU: 0 UID: 0 PID: 19316 Comm: syz.2.3703 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[ 1014.315939][T19316] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 1014.315950][T19316] Call Trace:
[ 1014.315956][T19316]  <TASK>
[ 1014.315963][T19316]  dump_stack_lvl+0x16c/0x1f0
[ 1014.315989][T19316]  should_fail_ex+0x512/0x640
[ 1014.316019][T19316]  should_failslab+0xc2/0x120
[ 1014.316037][T19316]  kmem_cache_alloc_noprof+0x6d/0x3b0
[ 1014.316065][T19316]  ? dst_alloc+0x99/0x1a0
[ 1014.316093][T19316]  dst_alloc+0x99/0x1a0
[ 1014.316114][T19316]  ? fib_validate_source+0x13b/0x730
[ 1014.316137][T19316]  rt_dst_alloc+0x35/0x3a0
[ 1014.316158][T19316]  ip_route_input_slow+0x1671/0x3df0
[ 1014.316186][T19316]  ? __pfx_ip_route_input_slow+0x10/0x10
[ 1014.316212][T19316]  ? __lock_acquire+0x5ca/0x1ba0
[ 1014.316243][T19316]  ? __pfx_ipt_do_table+0x10/0x10
[ 1014.316279][T19316]  ip_route_input_noref+0x120/0x2e0
[ 1014.316303][T19316]  ? __pfx_ip_route_input_noref+0x10/0x10
[ 1014.316331][T19316]  ? tcp_v4_early_demux+0x484/0xbf0
[ 1014.316354][T19316]  ? tcp_v4_early_demux+0xc6/0xbf0
[ 1014.316382][T19316]  ip_rcv_finish_core+0x46f/0x2290
[ 1014.316414][T19316]  ip_rcv+0x1c0/0x5d0
[ 1014.316439][T19316]  ? __pfx_ip_rcv+0x10/0x10
[ 1014.316462][T19316]  __netif_receive_skb_one_core+0x197/0x1e0
[ 1014.316488][T19316]  ? __pfx___netif_receive_skb_one_core+0x10/0x10
[ 1014.316513][T19316]  ? lock_acquire+0x179/0x350
[ 1014.316545][T19316]  __netif_receive_skb+0x1d/0x160
[ 1014.316571][T19316]  netif_receive_skb+0x137/0x7b0
[ 1014.316594][T19316]  ? __pfx_netif_receive_skb+0x10/0x10
[ 1014.316628][T19316]  tun_rx_batched.isra.0+0x3ee/0x740
[ 1014.316655][T19316]  ? __pfx_tun_rx_batched.isra.0+0x10/0x10
[ 1014.316686][T19316]  ? tun_get_user+0x1c0d/0x3b10
[ 1014.316709][T19316]  ? rcu_is_watching+0x12/0xc0
[ 1014.316732][T19316]  tun_get_user+0x2897/0x3b10
[ 1014.316767][T19316]  ? __pfx_tun_get_user+0x10/0x10
[ 1014.316790][T19316]  ? __pfx_ref_tracker_alloc+0x10/0x10
[ 1014.316820][T19316]  ? find_held_lock+0x2b/0x80
[ 1014.316841][T19316]  ? tun_get+0x191/0x370
[ 1014.316871][T19316]  tun_chr_write_iter+0xdc/0x210
[ 1014.316898][T19316]  vfs_write+0x5ba/0x1180
[ 1014.316924][T19316]  ? __pfx_tun_chr_write_iter+0x10/0x10
[ 1014.316951][T19316]  ? __pfx_vfs_write+0x10/0x10
[ 1014.316974][T19316]  ? find_held_lock+0x2b/0x80
[ 1014.317014][T19316]  ksys_write+0x12a/0x240
[ 1014.317038][T19316]  ? __pfx_ksys_write+0x10/0x10
[ 1014.317059][T19316]  ? rcu_is_watching+0x12/0xc0
[ 1014.317086][T19316]  do_syscall_64+0xcd/0x260
[ 1014.317110][T19316]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1014.317127][T19316] RIP: 0033:0x7f7f0118d41f
[ 1014.317141][T19316] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48
[ 1014.317157][T19316] RSP: 002b:00007f7f01fc3000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001
[ 1014.317173][T19316] RAX: ffffffffffffffda RBX: 00007f7f013b6080 RCX: 00007f7f0118d41f
[ 1014.317184][T19316] RDX: 000000000000003a RSI: 0000200000000080 RDI: 00000000000000c8
[ 1014.317194][T19316] RBP: 00007f7f01fc3090 R08: 0000000000000000 R09: 0000000000000000
[ 1014.317204][T19316] R10: 000000000000003a R11: 0000000000000293 R12: 0000000000000001
[ 1014.317214][T19316] R13: 0000000000000000 R14: 00007f7f013b6080 R15: 00007ffc785578c8
[ 1014.317237][T19316]  </TASK>
[ 1014.679765][T12355] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[ 1014.689148][T12355] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[ 1014.697508][T12355] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[ 1014.706291][T12355] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[ 1014.714841][T12355] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[ 1015.089840][   T13] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1015.313158][   T13] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1015.704017][T19339] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=10498 sclass=netlink_route_socket pid=19339 comm=syz.4.3709
[ 1015.720989][   T13] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1016.650763][T19323] chnl_net:caif_netlink_parms(): no params data found
[ 1016.790808][ T5818] Bluetooth: hci0: command tx timeout
[ 1017.000225][T19366] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3716'.
[ 1017.010191][T19366] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3716'.
[ 1017.580424][   T13] bridge_slave_1: left allmulticast mode
[ 1017.629567][   T13] bridge_slave_1: left promiscuous mode
[ 1017.672158][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1017.748910][   T13] bridge_slave_0: left allmulticast mode
[ 1017.822370][   T13] bridge_slave_0: left promiscuous mode
[ 1017.969112][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1018.337420][T19395] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3719'.
[ 1018.844200][ T5818] Bluetooth: hci0: command tx timeout
[ 1019.297245][T19402] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3722'.
[ 1019.308499][T19402] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3722'.
[ 1019.733019][T19407] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1020.130688][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1020.152185][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1020.171994][   T13] bond0 (unregistering): Released all slaves
[ 1020.335327][T19411] 9pnet_fd: p9_fd_create_unix (19411): address too long: ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[ 1020.840855][T19323] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1020.941876][ T5818] Bluetooth: hci0: command tx timeout
[ 1021.026447][T19423] SELinux: syz.3.3726 (19423) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[ 1021.053386][T19323] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1021.082056][T19323] bridge_slave_0: entered allmulticast mode
[ 1021.245530][T19323] bridge_slave_0: entered promiscuous mode
[ 1021.276185][T19323] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1021.298342][T19323] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1021.308080][T19323] bridge_slave_1: entered allmulticast mode
[ 1021.318580][T19323] bridge_slave_1: entered promiscuous mode
[ 1021.572407][T19323] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1021.583949][ T5862] usb 5-1: new high-speed USB device number 71 using dummy_hcd
[ 1021.743974][ T5862] usb 5-1: Using ep0 maxpacket: 32
[ 1021.755293][ T5862] usb 5-1: unable to get BOS descriptor or descriptor too short
[ 1022.070067][ T5862] usb 5-1: config 128 has an invalid interface number: 127 but max is 3
[ 1022.091455][ T5862] usb 5-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config
[ 1022.148561][ T5862] usb 5-1: config 128 has 1 interface, different from the descriptor's value: 4
[ 1022.175279][ T5862] usb 5-1: config 128 has no interface number 0
[ 1022.181696][ T5862] usb 5-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid wMaxPacketSize 0
[ 1022.182805][T19323] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1022.192139][ T5862] usb 5-1: config 128 interface 127 has no altsetting 0
[ 1022.213044][ T5862] usb 5-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55
[ 1022.226410][ T5862] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1022.235050][ T5862] usb 5-1: Product: syz
[ 1022.239354][ T5862] usb 5-1: Manufacturer: syz
[ 1022.244377][ T5862] usb 5-1: SerialNumber: syz
[ 1022.376233][   T13] hsr_slave_0: left promiscuous mode
[ 1022.473201][   T13] hsr_slave_1: left promiscuous mode
[ 1022.528623][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1022.695517][T19455] SELinux: syz.2.3733 (19455) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[ 1022.698310][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1022.873118][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1022.895302][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1022.930445][ T5862] usb 5-1: USB disconnect, device number 71
[ 1022.985503][   T13] veth1_macvtap: left promiscuous mode
[ 1023.002096][T18968] udevd[18968]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory
[ 1023.019495][ T5818] Bluetooth: hci0: command tx timeout
[ 1023.029675][   T13] veth0_macvtap: left promiscuous mode
[ 1023.036359][   T13] veth1_vlan: left promiscuous mode
[ 1024.871284][   T13] team0 (unregistering): Port device team_slave_1 removed
[ 1024.913176][   T13] team0 (unregistering): Port device team_slave_0 removed
[ 1025.338610][T19323] team0: Port device team_slave_0 added
[ 1025.394613][T19323] team0: Port device team_slave_1 added
[ 1025.439906][T19478] netlink: 3 bytes leftover after parsing attributes in process `syz.2.3737'.
[ 1025.961271][T19323] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1025.992781][T19323] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1026.018859][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1026.083091][T19323] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1026.120456][T19323] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1026.167707][T19323] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1026.612524][T19323] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1027.399357][T19323] hsr_slave_0: entered promiscuous mode
[ 1027.511862][T19323] hsr_slave_1: entered promiscuous mode
[ 1028.832938][   T13] IPVS: stop unused estimator thread 0...
[ 1029.055664][T19510] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3745'.
[ 1029.089480][T19524] SELinux: syz.3.3747 (19524) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[ 1029.114914][T19510] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3745'.
[ 1030.074248][ T5861] usb 5-1: new high-speed USB device number 72 using dummy_hcd
[ 1030.370656][T19323] netdevsim netdevsim6 netdevsim0: renamed from eth0
[ 1030.405581][T19323] netdevsim netdevsim6 netdevsim1: renamed from eth1
[ 1030.430628][T19323] netdevsim netdevsim6 netdevsim2: renamed from eth2
[ 1030.464088][T19323] netdevsim netdevsim6 netdevsim3: renamed from eth3
[ 1030.535550][ T5861] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1030.591636][ T5861] usb 5-1: config 0 has no interfaces?
[ 1030.627994][ T5861] usb 5-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[ 1030.666573][ T5861] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1030.692344][ T5861] usb 5-1: config 0 descriptor??
[ 1030.798188][T19323] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1031.252449][T19323] 8021q: adding VLAN 0 to HW filter on device team0
[ 1031.486431][   T54] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1031.493602][   T54] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1031.641793][   T54] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1031.648971][   T54] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1031.662851][ T5862] usb 5-1: USB disconnect, device number 72
[ 1032.067561][T19323] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1032.138509][T19553] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3753'.
[ 1032.147547][T19553] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3753'.
[ 1032.458994][T19583] SELinux: syz.3.3757 (19583) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[ 1032.634960][T19323] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1034.617249][T19323] veth0_vlan: entered promiscuous mode
[ 1035.144851][T19323] veth1_vlan: entered promiscuous mode
[ 1035.202292][T19323] veth0_macvtap: entered promiscuous mode
[ 1035.249996][T19323] veth1_macvtap: entered promiscuous mode
[ 1035.518313][T19323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1035.532788][T19323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1035.542802][T19323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1035.554028][T19323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1035.992508][T19323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1036.003139][T19323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1036.013822][T19323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1036.026532][T19323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1036.043482][T19323] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1036.082186][T19323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1036.101095][T19323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1036.118703][T19323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1036.131243][T19323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1036.146216][T19323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1036.158895][T19323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1036.188475][T19323] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1036.202747][T19323] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1036.265520][T19323] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1036.286834][T19323] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1036.310442][T19323] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1036.320213][T19323] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1036.334943][T19323] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1036.443308][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1036.467332][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1036.602296][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1036.624809][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1037.239902][T19652] SELinux: syz.2.3769 (19652) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[ 1039.372360][T19696] SELinux: syz.2.3777 (19696) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[ 1039.413943][ T5862] usb 5-1: new high-speed USB device number 73 using dummy_hcd
[ 1040.195602][ T5862] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1040.208184][ T5862] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1040.254128][ T5862] usb 5-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00
[ 1040.414122][ T5862] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1040.519556][T19710] SELinux: syz.3.3780 (19710) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[ 1040.785001][ T5862] usb 5-1: config 0 descriptor??
[ 1040.996163][T19716] FAULT_INJECTION: forcing a failure.
[ 1040.996163][T19716] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1041.113974][T19716] CPU: 0 UID: 0 PID: 19716 Comm: syz.2.3781 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[ 1041.114001][T19716] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 1041.114011][T19716] Call Trace:
[ 1041.114018][T19716]  <TASK>
[ 1041.114024][T19716]  dump_stack_lvl+0x16c/0x1f0
[ 1041.114054][T19716]  should_fail_ex+0x512/0x640
[ 1041.114079][T19716]  _copy_from_user+0x2e/0xd0
[ 1041.114102][T19716]  dev_ethtool+0x15b/0x5b80
[ 1041.114124][T19716]  ? __kernel_text_address+0xd/0x40
[ 1041.114142][T19716]  ? unwind_get_return_address+0x59/0xa0
[ 1041.114162][T19716]  ? arch_stack_walk+0xa6/0x100
[ 1041.114188][T19716]  ? __pfx_dev_ethtool+0x10/0x10
[ 1041.114208][T19716]  ? look_up_lock_class+0x59/0x150
[ 1041.114227][T19716]  ? register_lock_class+0x41/0x4c0
[ 1041.114256][T19716]  ? __lock_acquire+0xaa4/0x1ba0
[ 1041.114290][T19716]  ? reacquire_held_locks+0xcd/0x1f0
[ 1041.114313][T19716]  ? release_sock+0x21/0x220
[ 1041.114329][T19716]  ? do_raw_spin_lock+0x12c/0x2b0
[ 1041.114347][T19716]  ? find_held_lock+0x2b/0x80
[ 1041.114366][T19716]  ? sctp_ioctl+0x137/0x1e0
[ 1041.114386][T19716]  ? rcu_is_watching+0x12/0xc0
[ 1041.114404][T19716]  ? __local_bh_enable_ip+0xa4/0x120
[ 1041.114432][T19716]  ? __lock_acquire+0x5ca/0x1ba0
[ 1041.114458][T19716]  ? __pfx_avc_has_extended_perms+0x10/0x10
[ 1041.114494][T19716]  ? find_held_lock+0x2b/0x80
[ 1041.114513][T19716]  ? dev_load+0x8e/0x240
[ 1041.114542][T19716]  dev_ioctl+0x290/0x10e0
[ 1041.114569][T19716]  sock_do_ioctl+0x19d/0x280
[ 1041.114590][T19716]  ? __pfx_sock_do_ioctl+0x10/0x10
[ 1041.114615][T19716]  ? ioctl_has_perm.constprop.0.isra.0+0x2f4/0x450
[ 1041.114639][T19716]  ? ioctl_has_perm.constprop.0.isra.0+0x2fe/0x450
[ 1041.114665][T19716]  ? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10
[ 1041.114695][T19716]  sock_ioctl+0x227/0x6b0
[ 1041.114717][T19716]  ? __pfx_sock_ioctl+0x10/0x10
[ 1041.114736][T19716]  ? hook_file_ioctl_common+0x145/0x410
[ 1041.114758][T19716]  ? selinux_file_ioctl+0x180/0x270
[ 1041.114781][T19716]  ? selinux_file_ioctl+0xb4/0x270
[ 1041.114806][T19716]  ? __pfx_sock_ioctl+0x10/0x10
[ 1041.114827][T19716]  __x64_sys_ioctl+0x190/0x200
[ 1041.114852][T19716]  do_syscall_64+0xcd/0x260
[ 1041.114880][T19716]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1041.114896][T19716] RIP: 0033:0x7f7f0118e969
[ 1041.114910][T19716] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1041.114927][T19716] RSP: 002b:00007f7f01fe4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[ 1041.114943][T19716] RAX: ffffffffffffffda RBX: 00007f7f013b5fa0 RCX: 00007f7f0118e969
[ 1041.114954][T19716] RDX: 0000200000000040 RSI: 0000000000008946 RDI: 0000000000000003
[ 1041.114965][T19716] RBP: 00007f7f01fe4090 R08: 0000000000000000 R09: 0000000000000000
[ 1041.114975][T19716] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1041.114985][T19716] R13: 0000000000000000 R14: 00007f7f013b5fa0 R15: 00007ffc785578c8
[ 1041.115008][T19716]  </TASK>
[ 1042.651733][ T5862] usbhid 5-1:0.0: can't add hid device: -71
[ 1042.683286][ T5862] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1042.725431][ T5862] usb 5-1: USB disconnect, device number 73
[ 1042.988326][T19745] SELinux: syz.2.3787 (19745) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[ 1043.358874][   T30] audit: type=1400 audit(2000000204.040:1049): avc:  denied  { read } for  pid=19748 comm="syz.3.3788" name="snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[ 1043.597317][   T30] audit: type=1400 audit(2000000204.040:1050): avc:  denied  { open } for  pid=19748 comm="syz.3.3788" path="/dev/snapshot" dev="devtmpfs" ino=92 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1
[ 1044.027091][    T9] IPVS: starting estimator thread 0...
[ 1044.051989][ T5818] Bluetooth: hci1: unexpected event for opcode 0x0c03
[ 1044.124617][T19760] IPVS: using max 47 ests per chain, 112800 per kthread
[ 1044.240796][T19754] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1044.254267][T19754] Bluetooth: hci5: Opcode 0x0406 failed: -4
[ 1044.270826][T19750] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[ 1044.299846][T19754] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1044.327331][T19754] Bluetooth: hci2: Opcode 0x0406 failed: -4
[ 1044.345777][T19754] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1044.444596][T19754] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1044.574330][T19754] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1044.611681][T19754] Bluetooth: hci1: Opcode 0x0406 failed: -4
[ 1044.734818][T19754] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1046.124034][ T5818] Bluetooth: hci5: command 0x0406 tx timeout
[ 1046.236205][   T30] audit: type=1400 audit(2000000206.920:1051): avc:  denied  { write } for  pid=19796 comm="syz.2.3796" lport=49483 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[ 1046.259927][   T30] audit: type=1400 audit(2000000206.920:1052): avc:  denied  { setopt } for  pid=19796 comm="syz.2.3796" lport=49483 faddr=::ffff:172.20.255.187 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=sctp_socket permissive=1
[ 1046.375272][ T5818] Bluetooth: hci3: command 0x0406 tx timeout
[ 1046.381695][ T5818] Bluetooth: hci2: command 0x0406 tx timeout
[ 1046.752557][ T5818] Bluetooth: hci1: command 0x0406 tx timeout
[ 1046.892602][T19810] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3799'.
[ 1047.235143][T19791] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3795'.
[ 1047.257227][T19791] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3795'.
[ 1048.203734][ T5818] Bluetooth: hci5: command 0x0406 tx timeout
[ 1048.444222][ T5818] Bluetooth: hci2: command 0x0406 tx timeout
[ 1048.446235][T12355] Bluetooth: hci3: command 0x0406 tx timeout
[ 1048.673941][T19835] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3805'.
[ 1048.764674][T12355] Bluetooth: hci1: command 0x0406 tx timeout
[ 1048.953986][ T5940] usb 5-1: new high-speed USB device number 74 using dummy_hcd
[ 1049.407370][ T5940] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1049.583714][ T5940] usb 5-1: config 0 has no interfaces?
[ 1049.595639][ T5940] usb 5-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[ 1049.612021][ T5940] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1049.676038][   T30] audit: type=1326 audit(2000000210.340:1053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19848 comm="syz.6.3808" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe0e4b8e969 code=0x0
[ 1049.886275][ T5940] usb 5-1: config 0 descriptor??
[ 1050.135298][ T5861] usb 5-1: USB disconnect, device number 74
[ 1052.193022][T19885] SELinux: syz.4.3816 (19885) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[ 1052.752649][T19891] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3818'.
[ 1053.584396][T19902] sp0: Synchronizing with TNC
[ 1054.072634][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[ 1054.083976][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[ 1054.167819][   T30] audit: type=1326 audit(2000000214.840:1054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=19908 comm="syz.4.3823" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd90d98e969 code=0x0
[ 1054.355224][   T30] audit: type=1400 audit(2000000214.880:1055): avc:  denied  { accept } for  pid=19907 comm="syz.3.3822" lport=2 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1
[ 1054.503266][T19919] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1056.030838][T19950] SELinux: syz.4.3829 (19950) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[ 1056.335601][T19954] IPVS: set_ctl: invalid protocol: 46 172.30.1.7:20000
[ 1058.295309][T19974] bpf: Bad value for 'mode'
[ 1058.509470][T19973] sctp: [Deprecated]: syz.2.3835 (pid 19973) Use of int in max_burst socket option deprecated.
[ 1058.509470][T19973] Use struct sctp_assoc_value instead
[ 1058.740099][T19979] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1060.464127][T20005] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized
[ 1063.497347][   T30] audit: type=1326 audit(2000000224.170:1056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20024 comm="syz.1.3848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27bff8e969 code=0x7ffc0000
[ 1063.826621][   T30] audit: type=1326 audit(2000000224.170:1057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20024 comm="syz.1.3848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27bff8e969 code=0x7ffc0000
[ 1063.850070][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1063.978014][   T30] audit: type=1326 audit(2000000224.170:1058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20024 comm="syz.1.3848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f27bff8e969 code=0x7ffc0000
[ 1064.352203][   T30] audit: type=1326 audit(2000000224.170:1059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20024 comm="syz.1.3848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27bff8e969 code=0x7ffc0000
[ 1064.495294][T20039] SELinux: syz.3.3852 (20039) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[ 1064.543762][   T30] audit: type=1326 audit(2000000224.170:1060): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20024 comm="syz.1.3848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27bff8e969 code=0x7ffc0000
[ 1064.581282][   T30] audit: type=1326 audit(2000000224.170:1061): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20024 comm="syz.1.3848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f27bff8e969 code=0x7ffc0000
[ 1064.611418][   T30] audit: type=1326 audit(2000000224.170:1062): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20024 comm="syz.1.3848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27bff8e969 code=0x7ffc0000
[ 1064.754220][   T30] audit: type=1326 audit(2000000224.170:1063): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20024 comm="syz.1.3848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27bff8e969 code=0x7ffc0000
[ 1064.777863][   T30] audit: type=1326 audit(2000000224.170:1064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20024 comm="syz.1.3848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f27bff8e969 code=0x7ffc0000
[ 1064.815204][   T30] audit: type=1326 audit(2000000224.170:1065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20024 comm="syz.1.3848" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f27bff8e969 code=0x7ffc0000
[ 1066.444783][T12355] Bluetooth: hci1: unexpected event for opcode 0x0c03
[ 1066.801318][T20072] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[ 1066.838058][T20075] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1066.871313][T20075] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1066.913948][T20075] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1066.948635][T20075] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1066.969194][T20075] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1067.130749][T20081] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[ 1067.207076][T20081] evm: overlay not supported
[ 1067.354190][ T5864] usb 4-1: new high-speed USB device number 99 using dummy_hcd
[ 1067.532601][ T5864] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1067.561045][ T5864] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1067.586218][ T5864] usb 4-1: config 0 descriptor??
[ 1067.601077][ T5864] cp210x 4-1:0.0: cp210x converter detected
[ 1067.818311][ T5864] cp210x 4-1:0.0: failed to get vendor val 0x370b size 1: -71
[ 1067.838503][ T5864] cp210x 4-1:0.0: querying part number failed
[ 1067.868305][ T5864] usb 4-1: cp210x converter now attached to ttyUSB0
[ 1067.891565][ T5864] usb 4-1: USB disconnect, device number 99
[ 1067.930688][ T5864] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1067.997611][ T5864] cp210x 4-1:0.0: device disconnected
[ 1068.828064][T12355] Bluetooth: hci5: command 0x0406 tx timeout
[ 1068.923820][T12355] Bluetooth: hci1: command 0x0406 tx timeout
[ 1068.929908][ T5818] Bluetooth: hci3: command 0x0406 tx timeout
[ 1068.936401][ T5818] Bluetooth: hci2: command 0x0406 tx timeout
[ 1072.310261][T20181] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3877'.
[ 1072.820260][T20188] FAULT_INJECTION: forcing a failure.
[ 1072.820260][T20188] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1072.974223][   T30] kauditd_printk_skb: 11 callbacks suppressed
[ 1072.974240][   T30] audit: type=1326 audit(2000000233.650:1077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20177 comm="syz.4.3879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd90d98e969 code=0x7fc00000
[ 1073.013152][T20187] overlayfs: only single ':' or double '::' sequences of unescaped colons in lowerdir mount option allowed.
[ 1073.030251][T20188] CPU: 0 UID: 0 PID: 20188 Comm: syz.6.3881 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[ 1073.030277][T20188] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 1073.030288][T20188] Call Trace:
[ 1073.030293][T20188]  <TASK>
[ 1073.030301][T20188]  dump_stack_lvl+0x16c/0x1f0
[ 1073.030327][T20188]  should_fail_ex+0x512/0x640
[ 1073.030353][T20188]  _copy_from_iter+0x2a4/0x15b0
[ 1073.030377][T20188]  ? __alloc_skb+0x200/0x380
[ 1073.030400][T20188]  ? __pfx__copy_from_iter+0x10/0x10
[ 1073.030420][T20188]  ? selinux_socket_getpeersec_dgram+0x1a4/0x370
[ 1073.030442][T20188]  ? __pfx_selinux_socket_getpeersec_dgram+0x10/0x10
[ 1073.030473][T20188]  netlink_sendmsg+0x829/0xdd0
[ 1073.030499][T20188]  ? __pfx_netlink_sendmsg+0x10/0x10
[ 1073.030527][T20188]  ____sys_sendmsg+0xa95/0xc70
[ 1073.030550][T20188]  ? copy_msghdr_from_user+0x10a/0x160
[ 1073.030566][T20188]  ? __pfx_____sys_sendmsg+0x10/0x10
[ 1073.030599][T20188]  ___sys_sendmsg+0x134/0x1d0
[ 1073.030617][T20188]  ? __pfx____sys_sendmsg+0x10/0x10
[ 1073.030664][T20188]  __sys_sendmsg+0x16d/0x220
[ 1073.030682][T20188]  ? __pfx___sys_sendmsg+0x10/0x10
[ 1073.030705][T20188]  ? rcu_is_watching+0x12/0xc0
[ 1073.030733][T20188]  do_syscall_64+0xcd/0x260
[ 1073.030758][T20188]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1073.030775][T20188] RIP: 0033:0x7fe0e4b8e969
[ 1073.030790][T20188] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1073.030814][T20188] RSP: 002b:00007fe0e5a47038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[ 1073.030830][T20188] RAX: ffffffffffffffda RBX: 00007fe0e4db5fa0 RCX: 00007fe0e4b8e969
[ 1073.030842][T20188] RDX: 0000000000000000 RSI: 0000200000000840 RDI: 0000000000000003
[ 1073.030852][T20188] RBP: 00007fe0e5a47090 R08: 0000000000000000 R09: 0000000000000000
[ 1073.030862][T20188] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1073.030872][T20188] R13: 0000000000000000 R14: 00007fe0e4db5fa0 R15: 00007fffa79cde48
[ 1073.030895][T20188]  </TASK>
[ 1073.289453][   T30] audit: type=1326 audit(2000000233.650:1078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20177 comm="syz.4.3879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd90d98e969 code=0x7fc00000
[ 1073.313418][   T30] audit: type=1326 audit(2000000233.650:1079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20177 comm="syz.4.3879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd90d98e969 code=0x7fc00000
[ 1073.529111][   T30] audit: type=1326 audit(2000000233.650:1080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20177 comm="syz.4.3879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd90d98e969 code=0x7fc00000
[ 1073.717395][   T30] audit: type=1326 audit(2000000233.650:1081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20177 comm="syz.4.3879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd90d98e969 code=0x7fc00000
[ 1073.825127][   T30] audit: type=1326 audit(2000000233.650:1082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20177 comm="syz.4.3879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd90d98e969 code=0x7fc00000
[ 1074.014323][   T30] audit: type=1326 audit(2000000233.650:1083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20177 comm="syz.4.3879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd90d98e969 code=0x7fc00000
[ 1074.043935][ T5940] usb 4-1: new high-speed USB device number 100 using dummy_hcd
[ 1074.224058][   T30] audit: type=1326 audit(2000000233.650:1084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20177 comm="syz.4.3879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd90d98e969 code=0x7fc00000
[ 1074.683881][   T30] audit: type=1326 audit(2000000233.650:1085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20177 comm="syz.4.3879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd90d98e969 code=0x7fc00000
[ 1074.711363][ T5940] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1074.721609][   T30] audit: type=1326 audit(2000000233.650:1086): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20177 comm="syz.4.3879" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd90d98e969 code=0x7fc00000
[ 1074.773518][ T5940] usb 4-1: config 0 has no interfaces?
[ 1075.576452][ T5940] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1075.586643][ T5940] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1075.906689][ T5940] usb 4-1: config 0 descriptor??
[ 1077.782712][    T9] usb 4-1: USB disconnect, device number 100
[ 1078.719996][T20267] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3897'.
[ 1079.463870][   T30] kauditd_printk_skb: 47 callbacks suppressed
[ 1079.463888][   T30] audit: type=1326 audit(2000000240.140:1134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20274 comm="syz.3.3899" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb4fcf8e969 code=0x0
[ 1082.533058][T20315] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3907'.
[ 1082.550743][T20315] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3907'.
[ 1082.736749][T20324] Bluetooth: hci0: Opcode 0x0c03 failed: -38
[ 1083.853921][T20327] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1083.876283][T20327] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1083.895869][T20327] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1083.911707][T20327] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1083.924927][T20327] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1084.529115][T20354] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1084.924101][T12355] Bluetooth: hci5: command 0x0406 tx timeout
[ 1085.887454][T12355] Bluetooth: hci2: command 0x0406 tx timeout
[ 1086.019336][T12355] Bluetooth: hci0: command 0x0c1a tx timeout
[ 1086.027202][ T5818] Bluetooth: hci1: command 0x0406 tx timeout
[ 1086.033228][ T5818] Bluetooth: hci3: command 0x0406 tx timeout
[ 1086.040554][   T30] audit: type=1326 audit(2000000246.700:1135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20369 comm="syz.1.3916" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f27bff8e969 code=0x0
[ 1086.681285][T20373] SELinux: syz.4.3919 (20373) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[ 1088.713953][T20404] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3928'.
[ 1088.740635][T20404] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3928'.
[ 1088.819777][T20407] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1090.308407][T20424] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1091.635073][T20435] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1092.683791][ T5940] usb 5-1: new high-speed USB device number 75 using dummy_hcd
[ 1092.878540][ T5940] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1092.947980][ T5940] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1092.970767][ T5940] usb 5-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00
[ 1092.990168][ T5940] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1093.004385][    T9] usb 4-1: new high-speed USB device number 101 using dummy_hcd
[ 1093.012068][ T5940] usb 5-1: config 0 descriptor??
[ 1093.076033][T20452] wg2: left promiscuous mode
[ 1093.085214][T20452] wg2: left allmulticast mode
[ 1093.151165][T20452] wg2: entered promiscuous mode
[ 1093.166675][T20452] wg2: entered allmulticast mode
[ 1093.175175][    T9] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1093.186974][T20454] wg2: entered promiscuous mode
[ 1093.192284][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1093.203357][T20454] wg2: entered allmulticast mode
[ 1093.235175][    T9] usb 4-1: config 0 descriptor??
[ 1093.273343][    T9] cp210x 4-1:0.0: cp210x converter detected
[ 1093.505867][T20464] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3943'.
[ 1093.539711][T20464] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3943'.
[ 1093.609430][T20466] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1094.022016][    T9] cp210x 4-1:0.0: failed to get vendor val 0x370b size 1: -71
[ 1094.045344][    T9] cp210x 4-1:0.0: querying part number failed
[ 1094.078716][    T9] usb 4-1: cp210x converter now attached to ttyUSB0
[ 1094.124646][    T9] usb 4-1: USB disconnect, device number 101
[ 1094.150497][    T9] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1094.179286][    T9] cp210x 4-1:0.0: device disconnected
[ 1094.682977][T20473] SELinux: syz.6.3947 (20473) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[ 1095.318135][T20478] SELinux: syz.6.3949 (20478) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[ 1095.584134][ T5864] usb 4-1: new high-speed USB device number 102 using dummy_hcd
[ 1095.650628][ T5940] usbhid 5-1:0.0: can't add hid device: -71
[ 1095.680280][ T5940] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1095.791739][ T5940] usb 5-1: USB disconnect, device number 75
[ 1095.970700][ T5864] usb 4-1: Using ep0 maxpacket: 32
[ 1095.976972][ T5864] usb 4-1: config 2 has an invalid interface number: 45 but max is 0
[ 1095.993677][ T5864] usb 4-1: config 2 has no interface number 0
[ 1096.013438][ T5864] usb 4-1: config 2 interface 45 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 7
[ 1096.050508][ T5864] usb 4-1: config 2 interface 45 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[ 1096.112655][ T5864] usb 4-1: New USB device found, idVendor=0d46, idProduct=0078, bcdDevice=82.92
[ 1096.142238][ T5864] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1096.175645][ T5864] usb 4-1: Product: syz
[ 1096.190025][ T5864] usb 4-1: Manufacturer: syz
[ 1096.202800][ T5864] usb 4-1: SerialNumber: syz
[ 1096.285822][ T5864] kobil_sct 4-1:2.45: KOBIL USB smart card terminal converter detected
[ 1096.299931][ T5864] usb 4-1: KOBIL USB smart card terminal converter now attached to ttyUSB0
[ 1098.662585][T11199] usb 4-1: USB disconnect, device number 102
[ 1098.705782][T11199] kobil ttyUSB0: KOBIL USB smart card terminal converter now disconnected from ttyUSB0
[ 1098.722770][T11199] kobil_sct 4-1:2.45: device disconnected
[ 1101.063831][T20546] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3968'.
[ 1102.152713][T20555] SELinux: syz.3.3971 (20555) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[ 1102.199568][T20539] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3966'.
[ 1102.210895][T20539] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3966'.
[ 1105.307026][T20596] FAULT_INJECTION: forcing a failure.
[ 1105.307026][T20596] name fail_usercopy, interval 1, probability 0, space 0, times 0
[ 1105.356563][T20596] CPU: 1 UID: 0 PID: 20596 Comm: syz.4.3981 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[ 1105.356589][T20596] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 1105.356599][T20596] Call Trace:
[ 1105.356605][T20596]  <TASK>
[ 1105.356612][T20596]  dump_stack_lvl+0x16c/0x1f0
[ 1105.356636][T20596]  should_fail_ex+0x512/0x640
[ 1105.356660][T20596]  strncpy_from_user+0x3b/0x2e0
[ 1105.356682][T20596]  getname_flags.part.0+0x8f/0x550
[ 1105.356705][T20596]  getname_flags+0x93/0xf0
[ 1105.356727][T20596]  user_path_at+0x24/0x60
[ 1105.356751][T20596]  __x64_sys_mount+0x1fc/0x310
[ 1105.356770][T20596]  ? __pfx___x64_sys_mount+0x10/0x10
[ 1105.356786][T20596]  ? rcu_is_watching+0x12/0xc0
[ 1105.356811][T20596]  do_syscall_64+0xcd/0x260
[ 1105.356833][T20596]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1105.356849][T20596] RIP: 0033:0x7fd90d98e969
[ 1105.356863][T20596] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1105.356878][T20596] RSP: 002b:00007fd90e79b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1105.356894][T20596] RAX: ffffffffffffffda RBX: 00007fd90dbb6160 RCX: 00007fd90d98e969
[ 1105.356905][T20596] RDX: 0000200000002100 RSI: 00002000000042c0 RDI: 0000000000000000
[ 1105.356914][T20596] RBP: 00007fd90e79b090 R08: 0000000000000000 R09: 0000000000000000
[ 1105.356924][T20596] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[ 1105.356934][T20596] R13: 0000000000000000 R14: 00007fd90dbb6160 R15: 00007ffefedc2648
[ 1105.356957][T20596]  </TASK>
[ 1106.152327][   T30] audit: type=1326 audit(2000000266.830:1136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20604 comm="syz.3.3984" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb4fcf8e969 code=0x0
[ 1108.257300][T19793] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1108.666619][T19793] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1109.005376][T19793] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1109.241209][T19793] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1110.642815][T20663] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3999'.
[ 1111.074066][T16721] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1111.086279][T16721] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1111.098312][T16721] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1111.100323][T19793] bridge_slave_1: left allmulticast mode
[ 1111.209627][T16721] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1111.221570][T16721] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1111.433416][T19793] bridge_slave_1: left promiscuous mode
[ 1111.441773][T19793] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1111.491292][T19793] bridge_slave_0: left allmulticast mode
[ 1111.533908][T19793] bridge_slave_0: left promiscuous mode
[ 1111.539648][T19793] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1112.291743][   T30] audit: type=1400 audit(2000000272.970:1137): avc:  denied  { mount } for  pid=20682 comm="syz.6.4007" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[ 1112.326714][   T30] audit: type=1400 audit(2000000272.990:1138): avc:  denied  { unmount } for  pid=19323 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[ 1112.750962][T20693] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=10498 sclass=netlink_route_socket pid=20693 comm=syz.6.4009
[ 1113.575430][T16721] Bluetooth: hci3: command tx timeout
[ 1113.866924][T19793] 
 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1113.889774][T19793] 
 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1113.911861][T19793] 
 (unregistering): Released all slaves
[ 1113.942900][T20675] netlink: 'syz.2.4002': attribute type 12 has an invalid length.
[ 1113.951715][T20675] netlink: 'syz.2.4002': attribute type 29 has an invalid length.
[ 1113.960937][T20675] netlink: 140 bytes leftover after parsing attributes in process `syz.2.4002'.
[ 1114.575395][T20708] veth1_to_bond: entered allmulticast mode
[ 1114.581450][T20708] veth1_to_bond: entered promiscuous mode
[ 1114.588221][T20707] veth1_to_bond: left promiscuous mode
[ 1114.620744][T20707] veth1_to_bond: left allmulticast mode
[ 1114.638311][T19793] tipc: Left network mode
[ 1115.517470][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[ 1115.523851][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[ 1115.615029][T20722] SELinux: syz.2.4016 (20722) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[ 1115.659482][T16721] Bluetooth: hci3: command tx timeout
[ 1115.921806][T20740] wg2: left promiscuous mode
[ 1115.951575][T20740] wg2: left allmulticast mode
[ 1116.011724][T20742] wg2: entered promiscuous mode
[ 1116.195753][T20742] wg2: entered allmulticast mode
[ 1116.233892][T20748] SELinux: syz.6.4020 (20748) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[ 1116.643301][T19793] hsr_slave_0: left promiscuous mode
[ 1117.365479][T19793] hsr_slave_1: left promiscuous mode
[ 1117.374929][T19793] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1117.657192][T19793] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1117.733718][T16721] Bluetooth: hci3: command tx timeout
[ 1117.740488][T19793] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1117.867007][T20768] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=10498 sclass=netlink_route_socket pid=20768 comm=syz.6.4024
[ 1118.544034][T19793] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1118.687128][T19793] veth1_macvtap: left promiscuous mode
[ 1118.698433][T19793] veth0_macvtap: left promiscuous mode
[ 1118.708678][T19793] veth1_vlan: left promiscuous mode
[ 1118.714419][T19793] veth0_vlan: left promiscuous mode
[ 1119.427380][   T30] audit: type=1400 audit(2000000280.110:1139): avc:  denied  { ioctl } for  pid=20771 comm="syz.3.4026" path="socket:[66279]" dev="sockfs" ino=66279 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[ 1119.777108][T20786] SELinux: syz.2.4029 (20786) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[ 1119.813832][T16721] Bluetooth: hci3: command tx timeout
[ 1120.110133][T19793] team0 (unregistering): Port device team_slave_1 removed
[ 1120.150437][T19793] team0 (unregistering): Port device team_slave_0 removed
[ 1120.604608][T20778] tun0: tun_chr_ioctl cmd 1074025675
[ 1120.630316][T20778] tun0: persist enabled
[ 1120.821863][   T30] audit: type=1326 audit(2000000281.490:1140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20795 comm="syz.2.4031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f0118e969 code=0x7ffc0000
[ 1120.845341][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1120.864027][T20665] chnl_net:caif_netlink_parms(): no params data found
[ 1120.914641][   T30] audit: type=1326 audit(2000000281.490:1141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20795 comm="syz.2.4031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f0118e969 code=0x7ffc0000
[ 1121.004256][   T30] audit: type=1326 audit(2000000281.490:1142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20795 comm="syz.2.4031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7f0118e969 code=0x7ffc0000
[ 1121.027728][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1121.058695][   T30] audit: type=1326 audit(2000000281.500:1143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20795 comm="syz.2.4031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f0118e969 code=0x7ffc0000
[ 1121.084412][   T30] audit: type=1326 audit(2000000281.500:1144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20795 comm="syz.2.4031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7f0118e969 code=0x7ffc0000
[ 1121.107860][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1121.114566][   T30] audit: type=1326 audit(2000000281.560:1145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20795 comm="syz.2.4031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f0118e969 code=0x7ffc0000
[ 1121.140026][   T30] audit: type=1326 audit(2000000281.560:1146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20795 comm="syz.2.4031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f0118e969 code=0x7ffc0000
[ 1121.164000][   T30] audit: type=1326 audit(2000000281.560:1147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20795 comm="syz.2.4031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f7f0118e969 code=0x7ffc0000
[ 1121.209507][   T30] audit: type=1326 audit(2000000281.560:1148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20795 comm="syz.2.4031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7f0118e969 code=0x7ffc0000
[ 1121.261913][T20665] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1121.283324][T20665] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1121.295113][T20665] bridge_slave_0: entered allmulticast mode
[ 1121.312388][T20665] bridge_slave_0: entered promiscuous mode
[ 1121.324367][T20665] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1121.331635][T20665] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1121.339179][T20665] bridge_slave_1: entered allmulticast mode
[ 1121.343920][ T5858] usb 4-1: new high-speed USB device number 103 using dummy_hcd
[ 1121.356210][T20665] bridge_slave_1: entered promiscuous mode
[ 1121.452734][T20665] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1121.468365][T20665] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1121.530883][ T5858] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1121.559323][ T5858] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1121.573600][ T5858] usb 4-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00
[ 1121.589529][ T5858] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1121.605714][ T5858] usb 4-1: config 0 descriptor??
[ 1121.707175][T20665] team0: Port device team_slave_0 added
[ 1121.760501][T20665] team0: Port device team_slave_1 added
[ 1121.793776][    T9] usb 3-1: new high-speed USB device number 67 using dummy_hcd
[ 1122.045447][    T9] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[ 1122.178818][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1122.215535][    T9] usb 3-1: config 0 descriptor??
[ 1122.232350][    T9] cp210x 3-1:0.0: cp210x converter detected
[ 1122.306989][T20665] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1122.329633][T19793] IPVS: stop unused estimator thread 0...
[ 1122.344482][T20665] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1122.383230][T20665] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1122.398604][T20665] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1122.405900][T20665] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1122.442072][T20665] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1122.472975][    T9] cp210x 3-1:0.0: failed to get vendor val 0x370b size 1: -71
[ 1122.487515][    T9] cp210x 3-1:0.0: querying part number failed
[ 1122.516640][    T9] usb 3-1: cp210x converter now attached to ttyUSB0
[ 1122.548351][    T9] usb 3-1: USB disconnect, device number 67
[ 1122.561795][T20665] hsr_slave_0: entered promiscuous mode
[ 1122.585967][    T9] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[ 1122.586203][T20665] hsr_slave_1: entered promiscuous mode
[ 1122.618152][    T9] cp210x 3-1:0.0: device disconnected
[ 1122.623414][T20665] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1122.634358][T20665] Cannot create hsr debugfs directory
[ 1122.777426][ T5858] hid-led 0003:0FC5:B080.0031: unknown main item tag 0x0
[ 1122.962606][ T5858] hid-led 0003:0FC5:B080.0031: probe with driver hid-led failed with error -71
[ 1123.001163][ T5858] usb 4-1: USB disconnect, device number 103
[ 1125.076485][T20880] SELinux: syz.3.4044 (20880) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[ 1125.234688][T20665] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1125.330701][T20665] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1125.389232][T20665] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1125.492224][T20665] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1126.141979][T20665] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1126.191034][T20665] 8021q: adding VLAN 0 to HW filter on device team0
[ 1126.928437][T20665] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[ 1126.944233][T20665] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[ 1126.957980][ T6614] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1126.965099][ T6614] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1127.021819][ T6614] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1127.029004][ T6614] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1127.986501][   T30] kauditd_printk_skb: 50 callbacks suppressed
[ 1127.986516][   T30] audit: type=1326 audit(2000000288.620:1199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20912 comm="syz.6.4051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0e4b8e969 code=0x7fc00000
[ 1128.091232][   T30] audit: type=1326 audit(2000000288.620:1200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20912 comm="syz.6.4051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe0e4b8e969 code=0x7fc00000
[ 1128.114927][   T30] audit: type=1326 audit(2000000288.630:1201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20912 comm="syz.6.4051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0e4b8e969 code=0x7fc00000
[ 1128.205636][   T30] audit: type=1326 audit(2000000288.630:1202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20912 comm="syz.6.4051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0e4b8e969 code=0x7fc00000
[ 1128.328767][   T30] audit: type=1326 audit(2000000288.630:1203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20912 comm="syz.6.4051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0e4b8e969 code=0x7fc00000
[ 1128.390464][T20665] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1128.449358][   T30] audit: type=1326 audit(2000000288.630:1204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20912 comm="syz.6.4051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0e4b8e969 code=0x7fc00000
[ 1128.560391][   T30] audit: type=1326 audit(2000000288.630:1205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20912 comm="syz.6.4051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0e4b8e969 code=0x7fc00000
[ 1128.824220][   T30] audit: type=1326 audit(2000000288.630:1206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20912 comm="syz.6.4051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0e4b8e969 code=0x7fc00000
[ 1128.932740][T20665] veth0_vlan: entered promiscuous mode
[ 1128.950394][   T30] audit: type=1326 audit(2000000288.630:1207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20912 comm="syz.6.4051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0e4b8e969 code=0x7fc00000
[ 1128.973851][    C0] vkms_vblank_simulate: vblank timer overrun
[ 1129.006636][T20665] veth1_vlan: entered promiscuous mode
[ 1129.041075][   T30] audit: type=1326 audit(2000000288.630:1208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=20912 comm="syz.6.4051" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0e4b8e969 code=0x7fc00000
[ 1129.079935][T20665] veth0_macvtap: entered promiscuous mode
[ 1129.091170][T20665] veth1_macvtap: entered promiscuous mode
[ 1129.205598][T20665] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1129.246266][T20665] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1129.287176][T20665] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1129.331333][T20665] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1129.388129][T20665] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1129.568704][T20665] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1129.849753][T20665] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1129.870749][T20665] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1129.979413][T20665] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1129.997904][T20665] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1130.011142][T20665] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1130.026862][T20665] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1130.082094][T20665] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1130.175731][T20665] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1130.494069][T20665] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1130.529287][T20665] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1130.540101][T20665] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1130.557498][T20665] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1130.627100][T11199] usb 3-1: new high-speed USB device number 68 using dummy_hcd
[ 1130.668137][T20665] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1130.747324][T20665] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1130.763754][T20665] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1130.772483][T20665] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1130.822044][T11199] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0093, bcdDevice=23.5a
[ 1130.831179][ T5858] hid-generic 0000:0001:424A.0032: item fetching failed at offset 5/156
[ 1130.831631][ T5858] hid-generic 0000:0001:424A.0032: probe with driver hid-generic failed with error -22
[ 1130.875556][T11199] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1130.908420][T11199] usb 3-1: Product: syz
[ 1130.912619][T11199] usb 3-1: Manufacturer: syz
[ 1130.936579][T11199] usb 3-1: SerialNumber: syz
[ 1130.953524][T11199] usb 3-1: config 0 descriptor??
[ 1131.005109][T19792] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1131.030860][T19792] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1131.081938][T19792] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1131.102971][T19792] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1131.178115][T20961] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1131.199093][T20961] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1131.268485][T11199] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[ 1131.283835][T11199] dvb_usb_af9035 3-1:0.0: probe with driver dvb_usb_af9035 failed with error -22
[ 1131.295601][T11199] usb 3-1: USB disconnect, device number 68
[ 1133.557573][T21003] netlink: 300 bytes leftover after parsing attributes in process `syz.3.4063'.
[ 1133.567147][ T5940] usb 3-1: new high-speed USB device number 69 using dummy_hcd
[ 1134.784616][ T5940] usb 3-1: config 0 has no interfaces?
[ 1135.417751][T21028] SELinux: syz.6.4069 (21028) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[ 1135.848752][T19792] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1136.540070][T19792] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1136.716228][   T30] kauditd_printk_skb: 72 callbacks suppressed
[ 1136.716261][   T30] audit: type=1326 audit(2000000297.400:1281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=21044 comm="syz.6.4074" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe0e4b8e969 code=0x0
[ 1136.790778][T21046] netlink: 64 bytes leftover after parsing attributes in process `syz.3.4073'.
[ 1136.805581][T19792] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1136.822742][   T30] audit: type=1400 audit(2000000297.470:1282): avc:  denied  { read } for  pid=21042 comm="syz.3.4073" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[ 1136.842983][T21046] netlink: 64 bytes leftover after parsing attributes in process `syz.3.4073'.
[ 1136.942732][ T5940] usb 3-1: string descriptor 0 read error: -71
[ 1136.953938][ T5940] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[ 1136.985092][T12355] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1136.985763][ T5940] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1137.001139][T12355] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1137.010367][T12355] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1137.018434][T12355] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1137.025895][T12355] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1137.042540][ T5940] usb 3-1: config 0 descriptor??
[ 1137.066723][ T5940] usb 3-1: can't set config #0, error -71
[ 1137.092668][ T5940] usb 3-1: USB disconnect, device number 69
[ 1137.121539][T19792] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1137.324409][T19792] bridge_slave_1: left allmulticast mode
[ 1137.330492][T19792] bridge_slave_1: left promiscuous mode
[ 1137.336277][T19792] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1137.355918][T19792] bridge_slave_0: left allmulticast mode
[ 1137.362790][T19792] bridge_slave_0: left promiscuous mode
[ 1137.376853][T19792] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1138.447719][T21069] netlink: 300 bytes leftover after parsing attributes in process `syz.1.4078'.
[ 1139.093889][T12355] Bluetooth: hci3: command tx timeout
[ 1139.222241][T21076] SELinux: syz.2.4081 (21076) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[ 1139.248129][ T5858] usb 4-1: new high-speed USB device number 104 using dummy_hcd
[ 1139.469641][ T5858] usb 4-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[ 1139.591800][ T5858] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1140.044784][ T5858] usb 4-1: config 0 descriptor??
[ 1140.084902][ T5858] gspca_main: cpia1-2.14.0 probing 0813:0001
[ 1140.168205][T19792] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1140.193385][T19792] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1140.206987][T19792] bond0 (unregistering): Released all slaves
[ 1140.366039][ T5858] gspca_cpia1: usb_control_msg 05, error -71
[ 1140.376475][ T5858] gspca_cpia1: usb_control_msg 01, error -71
[ 1140.382590][ T5858] cpia1 4-1:0.0: only firmware version 1 is supported (got: 0)
[ 1140.412187][ T5858] usb 4-1: USB disconnect, device number 104
[ 1141.293873][T12355] Bluetooth: hci3: command tx timeout
[ 1142.236580][T21049] chnl_net:caif_netlink_parms(): no params data found
[ 1142.504359][ T5940] usb 4-1: new high-speed USB device number 105 using dummy_hcd
[ 1142.591340][T21049] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1142.602222][T21049] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1142.619072][T21049] bridge_slave_0: entered allmulticast mode
[ 1142.630396][T21049] bridge_slave_0: entered promiscuous mode
[ 1142.657837][T19792] hsr_slave_0: left promiscuous mode
[ 1142.676526][ T5940] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1142.687685][T19792] hsr_slave_1: left promiscuous mode
[ 1142.688273][ T5940] usb 4-1: config 0 has no interfaces?
[ 1142.694132][T19792] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1142.698971][ T5940] usb 4-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[ 1142.711160][T19792] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1142.723135][T19792] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1142.723245][ T5940] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1142.730824][T19792] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1142.748720][ T5940] usb 4-1: config 0 descriptor??
[ 1142.807140][T19792] veth1_macvtap: left promiscuous mode
[ 1142.928199][T19792] veth0_macvtap: left promiscuous mode
[ 1143.049581][T19792] veth1_vlan: left promiscuous mode
[ 1143.155007][T19792] veth0_vlan: left promiscuous mode
[ 1143.193873][ T5864] usb 4-1: USB disconnect, device number 105
[ 1143.357449][T12355] Bluetooth: hci3: command tx timeout
[ 1143.769085][T19792] team0 (unregistering): Port device team_slave_1 removed
[ 1144.022511][T19792] team0 (unregistering): Port device team_slave_0 removed
[ 1144.406492][T21049] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1144.431410][T21049] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1144.456797][T21049] bridge_slave_1: entered allmulticast mode
[ 1144.480542][T21049] bridge_slave_1: entered promiscuous mode
[ 1144.489626][T21136] wg2: left promiscuous mode
[ 1144.499597][T21136] wg2: left allmulticast mode
[ 1144.594192][T21138] wg2: entered promiscuous mode
[ 1144.602918][T21138] wg2: entered allmulticast mode
[ 1144.806916][T21049] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1144.874694][T21049] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1145.405005][T12355] Bluetooth: hci3: command tx timeout
[ 1145.441957][T21049] team0: Port device team_slave_0 added
[ 1145.471475][T21049] team0: Port device team_slave_1 added
[ 1145.772353][T21049] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1145.804770][T21049] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1145.830765][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1146.647653][T21049] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1146.950055][T21049] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1146.977248][T21049] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1147.003191][    C1] vkms_vblank_simulate: vblank timer overrun
[ 1147.086415][T21049] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1147.660819][T21049] hsr_slave_0: entered promiscuous mode
[ 1147.670302][T21049] hsr_slave_1: entered promiscuous mode
[ 1147.677141][T21049] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1147.689389][T21049] Cannot create hsr debugfs directory
[ 1147.753986][ T5864] usb 4-1: new high-speed USB device number 106 using dummy_hcd
[ 1147.906074][ T5864] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[ 1147.925733][ T5864] usb 4-1: config 0 has no interfaces?
[ 1147.940537][ T5864] usb 4-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[ 1147.965359][ T5864] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1147.982366][ T5864] usb 4-1: config 0 descriptor??
[ 1147.990410][T21198] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4104'.
[ 1148.130634][T21205] wg2: left promiscuous mode
[ 1148.135602][T21205] wg2: left allmulticast mode
[ 1148.151063][T21205] wg2: entered promiscuous mode
[ 1148.157255][T21205] wg2: entered allmulticast mode
[ 1148.173751][ T5858] usb 3-1: new high-speed USB device number 70 using dummy_hcd
[ 1148.220596][    T9] usb 4-1: USB disconnect, device number 106
[ 1148.337820][ T5858] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1148.349132][ T5858] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1148.367338][ T5858] usb 3-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00
[ 1148.376874][ T5858] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1148.391120][ T5858] usb 3-1: config 0 descriptor??
[ 1148.833804][T21049] netdevsim netdevsim4 netdevsim0: renamed from eth0
[ 1148.865863][T21049] netdevsim netdevsim4 netdevsim1: renamed from eth1
[ 1148.886752][T21049] netdevsim netdevsim4 netdevsim2: renamed from eth2
[ 1148.902746][T21049] netdevsim netdevsim4 netdevsim3: renamed from eth3
[ 1149.026867][T12355] Bluetooth: hci1: unexpected event for opcode 0x0c03
[ 1149.062382][T21049] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1149.136830][T21049] 8021q: adding VLAN 0 to HW filter on device team0
[ 1149.166791][ T6539] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1149.173965][ T6539] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1149.198639][ T6539] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1149.205833][ T6539] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1149.337228][ T5858] usbhid 3-1:0.0: can't add hid device: -71
[ 1149.343247][ T5858] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[ 1149.361380][ T5858] usb 3-1: USB disconnect, device number 70
[ 1149.716263][T21230] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[ 1149.716305][T21232] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1149.815496][T21232] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1149.824909][T21232] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1149.861073][T21232] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1149.872436][T21232] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1149.893378][T21232] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1149.977320][T21232] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1150.107135][T21049] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1151.107789][T12355] Bluetooth: hci5: command 0x0406 tx timeout
[ 1151.884098][T12355] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1151.884191][T16721] Bluetooth: hci1: command 0x0406 tx timeout
[ 1151.890545][T12355] Bluetooth: hci2: command 0x0406 tx timeout
[ 1152.206749][T21049] veth0_vlan: entered promiscuous mode
[ 1153.228421][T21049] veth1_vlan: entered promiscuous mode
[ 1153.621460][T21049] veth0_macvtap: entered promiscuous mode
[ 1153.872524][T21049] veth1_macvtap: entered promiscuous mode
[ 1154.544865][T21313] netlink: 300 bytes leftover after parsing attributes in process `syz.3.4124'.
[ 1154.798077][T21285] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1154.856366][T21049] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1154.875538][T21049] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1154.892045][T21049] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1154.910860][T21049] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1154.921020][T21049] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1154.949156][T21049] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1154.975545][T21049] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1154.997104][T21049] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1155.177787][T21049] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1155.187766][T21049] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1155.221100][T21049] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1155.598110][T21049] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1155.627565][T21049] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1155.653368][T21049] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1155.697848][T21049] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1155.731132][T21049] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1155.742292][T21049] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1155.756791][T21049] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1155.782256][T21049] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1156.569738][T21049] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1156.603310][T21049] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1156.622689][T21049] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1156.843748][T21285] Bluetooth: hci3: command 0x0c1a tx timeout
[ 1157.416144][   T62] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1157.439611][   T62] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1158.242129][T19792] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1158.269811][T19792] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1158.771032][T21386] SELinux: syz.3.4137 (21386) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[ 1158.799646][T21285] Bluetooth: hci5: unexpected event for opcode 0x0c03
[ 1159.312071][ T6539] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1159.449003][T21380] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[ 1159.459889][ T6539] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1159.483956][T21387] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1159.507518][T21387] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1159.534488][T21387] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1159.540585][T21387] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1159.645620][ T6539] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1159.880480][ T6539] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1160.012463][T21419] SELinux: syz.2.4139 (21419) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[ 1160.963981][ T5818] Bluetooth: hci5: command 0x0406 tx timeout
[ 1161.465289][T21438] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=10498 sclass=netlink_route_socket pid=21438 comm=syz.2.4141
[ 1161.612230][T21439] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1161.816541][ T5818] Bluetooth: hci1: command 0x0406 tx timeout
[ 1162.114448][T21285] Bluetooth: hci2: command 0x0406 tx timeout
[ 1162.421076][ T6539] bridge_slave_1: left allmulticast mode
[ 1162.433733][ T6539] bridge_slave_1: left promiscuous mode
[ 1162.439936][ T6539] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1162.482313][ T6539] bridge_slave_0: left allmulticast mode
[ 1162.508499][ T6539] bridge_slave_0: left promiscuous mode
[ 1162.530460][ T6539] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1162.717587][T21450] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=10498 sclass=netlink_route_socket pid=21450 comm=syz.1.4143
[ 1163.309350][ T5818] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[ 1163.334483][ T5818] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[ 1163.344188][ T5818] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[ 1163.375224][ T5818] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[ 1163.385861][ T5818] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[ 1164.242614][T21448] SELinux: syz.2.4145 (21448) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[ 1164.795339][ T6539] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1164.806300][ T6539] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1164.819821][ T6539] bond0 (unregistering): Released all slaves
[ 1165.487047][T21471] SELinux: syz.2.4150 (21471) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[ 1166.204053][T21285] Bluetooth: hci3: command tx timeout
[ 1166.433701][  T971] usb 4-1: new high-speed USB device number 107 using dummy_hcd
[ 1166.591915][ T6539] hsr_slave_0: left promiscuous mode
[ 1166.614792][ T6539] hsr_slave_1: left promiscuous mode
[ 1166.624718][ T6539] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1167.216117][T21505] netlink: 192 bytes leftover after parsing attributes in process `syz.6.4154'.
[ 1167.550117][ T6539] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1167.620044][  T971] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1167.637339][  T971] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1167.647185][  T971] usb 4-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00
[ 1167.656241][  T971] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1167.665606][  T971] usb 4-1: config 0 descriptor??
[ 1167.696241][ T6539] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1167.719387][ T6539] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1167.772343][ T6539] veth1_macvtap: left promiscuous mode
[ 1167.784127][ T6539] veth0_macvtap: left promiscuous mode
[ 1167.789789][ T6539] veth1_vlan: left promiscuous mode
[ 1167.809301][ T6539] veth0_vlan: left promiscuous mode
[ 1168.363850][T21285] Bluetooth: hci3: command tx timeout
[ 1169.124531][  T971] usbhid 4-1:0.0: can't add hid device: -71
[ 1169.152124][  T971] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[ 1169.232300][  T971] usb 4-1: USB disconnect, device number 107
[ 1169.660262][T21523] SELinux: syz.6.4160 (21523) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[ 1170.507319][T21285] Bluetooth: hci3: command tx timeout
[ 1171.179462][T21534] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=10498 sclass=netlink_route_socket pid=21534 comm=syz.3.4163
[ 1171.226450][T21531] SELinux: syz.2.4161 (21531) wrote to /sys/fs/selinux/user! This will not be supported in the future; please update your userspace.
[ 1171.474539][T21285] Bluetooth: hci0: unexpected event for opcode 0x203d
[ 1171.668677][T21555] netlink: 'syz.1.4168': attribute type 3 has an invalid length.
[ 1172.400086][ T6539] team0 (unregistering): Port device team_slave_1 removed
[ 1172.467717][ T6539] team0 (unregistering): Port device team_slave_0 removed
[ 1172.526508][T21285] Bluetooth: hci3: command tx timeout
[ 1172.947695][T21451] chnl_net:caif_netlink_parms(): no params data found
[ 1173.202969][T21451] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1173.223298][T21451] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1173.237837][T21451] bridge_slave_0: entered allmulticast mode
[ 1173.251462][T21451] bridge_slave_0: entered promiscuous mode
[ 1173.267618][T21285] Bluetooth: hci1: unexpected event for opcode 0x0c03
[ 1173.274764][   T47] usb 3-1: new high-speed USB device number 71 using dummy_hcd
[ 1173.284683][T21451] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1173.301142][T21451] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1173.309396][T21451] bridge_slave_1: entered allmulticast mode
[ 1173.337538][T21451] bridge_slave_1: entered promiscuous mode
[ 1173.448926][   T47] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1173.493413][   T47] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1173.504475][   T47] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1173.521235][T21451] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1173.531061][   T47] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1173.545600][T21451] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1173.556053][   T47] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1173.587548][   T47] usb 3-1: config 0 descriptor??
[ 1173.641236][T21451] team0: Port device team_slave_0 added
[ 1173.696931][T21451] team0: Port device team_slave_1 added
[ 1173.983278][T21578] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[ 1173.983373][T21577] Bluetooth: hci0: Opcode 0x0c03 failed: -4
[ 1174.001017][T21578] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[ 1174.011821][T21578] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[ 1174.022661][T21578] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[ 1174.068744][   T47] plantronics 0003:047F:FFFF.0033: No inputs registered, leaving
[ 1174.083687][T21578] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[ 1174.116555][   T47] plantronics 0003:047F:FFFF.0033: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[ 1174.123992][T21578] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1174.177342][T21451] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1174.185021][T21451] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1174.215042][T21578] Bluetooth: hci3: Opcode 0x0406 failed: -4
[ 1174.252300][T21451] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1174.286918][T21451] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1174.299348][T21451] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1174.329274][T21451] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1174.588491][T21602] FAULT_INJECTION: forcing a failure.
[ 1174.588491][T21602] name failslab, interval 1, probability 0, space 0, times 0
[ 1174.601524][T21602] CPU: 0 UID: 0 PID: 21602 Comm: syz.3.4176 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[ 1174.601547][T21602] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 1174.601557][T21602] Call Trace:
[ 1174.601563][T21602]  <TASK>
[ 1174.601571][T21602]  dump_stack_lvl+0x16c/0x1f0
[ 1174.601597][T21602]  should_fail_ex+0x512/0x640
[ 1174.601618][T21602]  ? __kmalloc_node_track_caller_noprof+0xc3/0x510
[ 1174.601639][T21602]  should_failslab+0xc2/0x120
[ 1174.601657][T21602]  __kmalloc_node_track_caller_noprof+0xd6/0x510
[ 1174.601674][T21602]  ? vfs_parse_fs_string+0xc3/0x150
[ 1174.601700][T21602]  kmemdup_nul+0x49/0xf0
[ 1174.601720][T21602]  vfs_parse_fs_string+0xc3/0x150
[ 1174.601736][T21602]  ? __pfx_vfs_parse_fs_string+0x10/0x10
[ 1174.601762][T21602]  ? __pfx_vfs_parse_comma_sep+0x10/0x10
[ 1174.601780][T21602]  ? __pfx_vfs_parse_comma_sep+0x10/0x10
[ 1174.601795][T21602]  vfs_parse_monolithic_sep+0x16f/0x1f0
[ 1174.601812][T21602]  ? __pfx_vfs_parse_monolithic_sep+0x10/0x10
[ 1174.601830][T21602]  ? __pfx_fuse_init_fs_context+0x10/0x10
[ 1174.601851][T21602]  ? alloc_fs_context+0x59b/0x9c0
[ 1174.601873][T21602]  path_mount+0x148d/0x1f20
[ 1174.601893][T21602]  ? kmem_cache_free+0x2d4/0x4d0
[ 1174.601917][T21602]  ? __pfx_path_mount+0x10/0x10
[ 1174.601937][T21602]  ? putname+0x154/0x1a0
[ 1174.601958][T21602]  __x64_sys_mount+0x28d/0x310
[ 1174.601976][T21602]  ? __pfx___x64_sys_mount+0x10/0x10
[ 1174.601992][T21602]  ? rcu_is_watching+0x12/0xc0
[ 1174.602018][T21602]  do_syscall_64+0xcd/0x260
[ 1174.602041][T21602]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1174.602058][T21602] RIP: 0033:0x7fb4fcf8e969
[ 1174.602071][T21602] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1174.602086][T21602] RSP: 002b:00007fb4fde48038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5
[ 1174.602102][T21602] RAX: ffffffffffffffda RBX: 00007fb4fd1b6160 RCX: 00007fb4fcf8e969
[ 1174.602113][T21602] RDX: 0000200000002100 RSI: 0000200000000000 RDI: 0000000000000000
[ 1174.602123][T21602] RBP: 00007fb4fde48090 R08: 0000200000000080 R09: 0000000000000000
[ 1174.602134][T21602] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1174.602144][T21602] R13: 0000000000000000 R14: 00007fb4fd1b6160 R15: 00007ffea3a39288
[ 1174.602168][T21602]  </TASK>
[ 1174.867860][T21451] hsr_slave_0: entered promiscuous mode
[ 1174.874128][T21451] hsr_slave_1: entered promiscuous mode
[ 1174.880249][T21451] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1174.888332][T21451] Cannot create hsr debugfs directory
[ 1175.239912][   T30] audit: type=1400 audit(2000000335.920:1283): avc:  denied  { setattr } for  pid=21605 comm="syz.3.4178" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 1175.298555][T21606] netfs: Couldn't get user pages (rc=-14)
[ 1175.339408][T21606] FAULT_INJECTION: forcing a failure.
[ 1175.339408][T21606] name failslab, interval 1, probability 0, space 0, times 0
[ 1175.341086][    C1] plantronics 0003:047F:FFFF.0033: usb_submit_urb(ctrl) failed: -1
[ 1175.390893][   T30] audit: type=1400 audit(2000000335.940:1284): avc:  denied  { write } for  pid=21605 comm="syz.3.4178" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 1175.402864][T21606] CPU: 0 UID: 0 PID: 21606 Comm: syz.3.4178 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[ 1175.402889][T21606] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 1175.402898][T21606] Call Trace:
[ 1175.402903][T21606]  <TASK>
[ 1175.402910][T21606]  dump_stack_lvl+0x16c/0x1f0
[ 1175.402935][T21606]  should_fail_ex+0x512/0x640
[ 1175.402953][T21606]  ? fs_reclaim_acquire+0xae/0x150
[ 1175.402974][T21606]  should_failslab+0xc2/0x120
[ 1175.402990][T21606]  kmem_cache_alloc_noprof+0x6d/0x3b0
[ 1175.403014][T21606]  ? p9_tag_alloc+0x9c/0x640
[ 1175.403035][T21606]  p9_tag_alloc+0x9c/0x640
[ 1175.403052][T21606]  ? kasan_save_stack+0x33/0x60
[ 1175.403076][T21606]  ? __pfx_p9_tag_alloc+0x10/0x10
[ 1175.403092][T21606]  ? netfs_do_issue_write+0x92/0x110
[ 1175.403109][T21606]  ? netfs_end_issue_write+0x14c/0x200
[ 1175.403124][T21606]  ? netfs_unbuffered_write+0x4c3/0x670
[ 1175.403141][T21606]  ? netfs_unbuffered_write_iter_locked+0x808/0xd40
[ 1175.403162][T21606]  ? netfs_unbuffered_write_iter+0x414/0x6d0
[ 1175.403182][T21606]  ? v9fs_file_write_iter+0xbf/0x100
[ 1175.403204][T21606]  ? vfs_write+0x5ba/0x1180
[ 1175.403223][T21606]  ? ksys_write+0x12a/0x240
[ 1175.403241][T21606]  ? do_syscall_64+0xcd/0x260
[ 1175.403259][T21606]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1175.403278][T21606]  p9_client_prepare_req+0x19b/0x4d0
[ 1175.403298][T21606]  ? __pfx_p9_client_prepare_req+0x10/0x10
[ 1175.403326][T21606]  p9_client_rpc+0x1c4/0xc50
[ 1175.403348][T21606]  ? __pfx_p9_client_rpc+0x10/0x10
[ 1175.403367][T21606]  ? __call_rcu_common.constprop.0+0x3e5/0x9f0
[ 1175.403382][T21606]  ? lockdep_hardirqs_on+0x7c/0x110
[ 1175.403404][T21606]  ? kmem_cache_free+0x173/0x4d0
[ 1175.403425][T21606]  ? p9_req_put+0x1c6/0x250
[ 1175.403449][T21606]  p9_client_write+0x245/0x6f0
[ 1175.403477][T21606]  ? __pfx_p9_client_write+0x10/0x10
[ 1175.403505][T21606]  v9fs_issue_write+0xe3/0x1b0
[ 1175.403526][T21606]  ? __pfx_v9fs_issue_write+0x10/0x10
[ 1175.403546][T21606]  ? netfs_advance_write+0x81f/0xc40
[ 1175.403564][T21606]  ? rcu_is_watching+0x12/0xc0
[ 1175.403584][T21606]  netfs_do_issue_write+0x92/0x110
[ 1175.403605][T21606]  netfs_end_issue_write+0x14c/0x200
[ 1175.403625][T21606]  netfs_unbuffered_write+0x4c3/0x670
[ 1175.403645][T21606]  ? __pfx_netfs_unbuffered_write+0x10/0x10
[ 1175.403662][T21606]  ? trace_netfs_folioq+0x188/0x210
[ 1175.403676][T21606]  ? __pfx_netfs_extract_user_iter+0x10/0x10
[ 1175.403701][T21606]  ? iov_iter_folio_queue+0x3e/0x1f0
[ 1175.403722][T21606]  ? rolling_buffer_init+0x8a/0xb0
[ 1175.403738][T21606]  ? netfs_create_write_req+0x511/0x880
[ 1175.403757][T21606]  netfs_unbuffered_write_iter_locked+0x808/0xd40
[ 1175.403784][T21606]  netfs_unbuffered_write_iter+0x414/0x6d0
[ 1175.403811][T21606]  v9fs_file_write_iter+0xbf/0x100
[ 1175.403833][T21606]  vfs_write+0x5ba/0x1180
[ 1175.403854][T21606]  ? __pfx_v9fs_file_write_iter+0x10/0x10
[ 1175.403877][T21606]  ? __pfx___mutex_lock+0x10/0x10
[ 1175.403896][T21606]  ? __pfx_vfs_write+0x10/0x10
[ 1175.403931][T21606]  ksys_write+0x12a/0x240
[ 1175.403951][T21606]  ? __pfx_ksys_write+0x10/0x10
[ 1175.403970][T21606]  ? rcu_is_watching+0x12/0xc0
[ 1175.403993][T21606]  do_syscall_64+0xcd/0x260
[ 1175.404012][T21606]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1175.404026][T21606] RIP: 0033:0x7fb4fcf8e969
[ 1175.404039][T21606] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[ 1175.404052][T21606] RSP: 002b:00007fb4fde8a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[ 1175.404067][T21606] RAX: ffffffffffffffda RBX: 00007fb4fd1b5fa0 RCX: 00007fb4fcf8e969
[ 1175.404077][T21606] RDX: 0000000000001006 RSI: 0000200000000540 RDI: 0000000000000007
[ 1175.404086][T21606] RBP: 00007fb4fde8a090 R08: 0000000000000000 R09: 0000000000000000
[ 1175.404095][T21606] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002
[ 1175.404104][T21606] R13: 0000000000000000 R14: 00007fb4fd1b5fa0 R15: 00007ffea3a39288
[ 1175.404126][T21606]  </TASK>
[ 1175.440435][ T6539] ==================================================================
[ 1175.440449][ T6539] BUG: KASAN: slab-out-of-bounds in iov_iter_revert+0x443/0x5a0
[ 1175.440476][ T6539] Read of size 4 at addr ffff8880360e3138 by task kworker/u8:9/6539
[ 1175.440491][ T6539] 
[ 1175.440499][ T6539] CPU: 0 UID: 0 PID: 6539 Comm: kworker/u8:9 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[ 1175.440519][ T6539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 1175.440530][ T6539] Workqueue: events_unbound netfs_write_collection_worker
[ 1175.440553][ T6539] Call Trace:
[ 1175.440558][ T6539]  <TASK>
[ 1175.440564][ T6539]  dump_stack_lvl+0x116/0x1f0
[ 1175.440584][ T6539]  print_report+0xc3/0x670
[ 1175.440598][ T6539]  ? __virt_addr_valid+0x5e/0x590
[ 1175.440618][ T6539]  ? __phys_addr+0xc6/0x150
[ 1175.440637][ T6539]  ? iov_iter_revert+0x443/0x5a0
[ 1175.440658][ T6539]  kasan_report+0xe0/0x110
[ 1175.440672][ T6539]  ? iov_iter_revert+0x443/0x5a0
[ 1175.440698][ T6539]  iov_iter_revert+0x443/0x5a0
[ 1175.440719][ T6539]  netfs_retry_writes+0x166d/0x1a50
[ 1175.440737][ T6539]  ? rcu_is_watching+0x12/0xc0
[ 1175.440756][ T6539]  ? __lock_acquire+0xaa4/0x1ba0
[ 1175.440780][ T6539]  ? __pfx_netfs_retry_writes+0x10/0x10
[ 1175.440796][ T6539]  ? __pfx___mod_timer+0x10/0x10
[ 1175.440820][ T6539]  ? register_lock_class+0x41/0x4c0
[ 1175.440844][ T6539]  netfs_write_collection_worker+0x23fd/0x3830
[ 1175.440873][ T6539]  process_one_work+0x9cc/0x1b70
[ 1175.440893][ T6539]  ? __pfx_toggle_allocation_gate+0x10/0x10
[ 1175.440916][ T6539]  ? __pfx_process_one_work+0x10/0x10
[ 1175.440934][ T6539]  ? assign_work+0x1a0/0x250
[ 1175.440950][ T6539]  worker_thread+0x6c8/0xf10
[ 1175.440969][ T6539]  ? __kthread_parkme+0x19e/0x250
[ 1175.440989][ T6539]  ? __pfx_worker_thread+0x10/0x10
[ 1175.441003][ T6539]  kthread+0x3c2/0x780
[ 1175.441018][ T6539]  ? __pfx_kthread+0x10/0x10
[ 1175.441030][ T6539]  ? __pfx_kthread+0x10/0x10
[ 1175.441042][ T6539]  ? __pfx_kthread+0x10/0x10
[ 1175.441055][ T6539]  ? __pfx_kthread+0x10/0x10
[ 1175.441067][ T6539]  ? rcu_is_watching+0x12/0xc0
[ 1175.441084][ T6539]  ? __pfx_kthread+0x10/0x10
[ 1175.441097][ T6539]  ret_from_fork+0x45/0x80
[ 1175.441111][ T6539]  ? __pfx_kthread+0x10/0x10
[ 1175.441124][ T6539]  ret_from_fork_asm+0x1a/0x30
[ 1175.441151][ T6539]  </TASK>
[ 1175.441156][ T6539] 
[ 1176.014017][ T6539] Allocated by task 21607:
[ 1176.018413][ T6539]  kasan_save_stack+0x33/0x60
[ 1176.023081][ T6539]  kasan_save_track+0x14/0x30
[ 1176.027743][ T6539]  __kasan_kmalloc+0xaa/0xb0
[ 1176.032317][ T6539]  kmem_cache_free+0x148/0x4d0
[ 1176.037070][ T6539]  __fput_deferred+0x2d5/0x370
[ 1176.041814][ T6539]  fput_close+0x118/0x250
[ 1176.046124][ T6539]  path_openat+0xf22/0x2d40
[ 1176.050616][ T6539]  do_filp_open+0x20b/0x470
[ 1176.055107][ T6539]  do_sys_openat2+0x11b/0x1d0
[ 1176.059765][ T6539]  __x64_sys_openat+0x174/0x210
[ 1176.064603][ T6539]  do_syscall_64+0xcd/0x260
[ 1176.069090][ T6539]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1176.074964][ T6539] 
[ 1176.077279][ T6539] Freed by task 5858:
[ 1176.081233][ T6539]  kasan_save_stack+0x33/0x60
[ 1176.085900][ T6539]  kasan_save_track+0x14/0x30
[ 1176.090563][ T6539]  kasan_save_free_info+0x3b/0x60
[ 1176.095570][ T6539]  __kasan_slab_free+0x51/0x70
[ 1176.100312][ T6539]  kfree+0x2b6/0x4d0
[ 1176.104200][ T6539]  slab_free_after_rcu_debug+0x69/0x350
[ 1176.109732][ T6539]  rcu_core+0x799/0x14e0
[ 1176.113955][ T6539]  handle_softirqs+0x216/0x8e0
[ 1176.118714][ T6539]  do_softirq+0xb2/0xf0
[ 1176.122863][ T6539]  __local_bh_enable_ip+0x100/0x120
[ 1176.128057][ T6539]  update_defense_level+0x5d5/0xf70
[ 1176.133244][ T6539]  defense_work_handler+0x26/0xd0
[ 1176.138257][ T6539]  process_one_work+0x9cc/0x1b70
[ 1176.143178][ T6539]  worker_thread+0x6c8/0xf10
[ 1176.147757][ T6539]  kthread+0x3c2/0x780
[ 1176.151807][ T6539]  ret_from_fork+0x45/0x80
[ 1176.156208][ T6539]  ret_from_fork_asm+0x1a/0x30
[ 1176.161022][ T6539] 
[ 1176.163326][ T6539] Last potentially related work creation:
[ 1176.169020][ T6539]  kasan_save_stack+0x33/0x60
[ 1176.173686][ T6539]  kasan_record_aux_stack+0xb8/0xd0
[ 1176.178867][ T6539]  __call_rcu_common.constprop.0+0x9a/0x9f0
[ 1176.184743][ T6539]  kmem_cache_free+0x173/0x4d0
[ 1176.189492][ T6539]  __fput_deferred+0x2d5/0x370
[ 1176.194236][ T6539]  fput_close+0x118/0x250
[ 1176.198549][ T6539]  path_openat+0xf22/0x2d40
[ 1176.203039][ T6539]  do_filp_open+0x20b/0x470
[ 1176.207529][ T6539]  do_sys_openat2+0x11b/0x1d0
[ 1176.212188][ T6539]  __x64_sys_openat+0x174/0x210
[ 1176.217023][ T6539]  do_syscall_64+0xcd/0x260
[ 1176.221510][ T6539]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1176.227383][ T6539] 
[ 1176.229689][ T6539] The buggy address belongs to the object at ffff8880360e3100
[ 1176.229689][ T6539]  which belongs to the cache kmalloc-32 of size 32
[ 1176.243547][ T6539] The buggy address is located 24 bytes to the right of
[ 1176.243547][ T6539]  allocated 32-byte region [ffff8880360e3100, ffff8880360e3120)
[ 1176.258029][ T6539] 
[ 1176.260357][ T6539] The buggy address belongs to the physical page:
[ 1176.266763][ T6539] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x360e3
[ 1176.275511][ T6539] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[ 1176.282604][ T6539] page_type: f5(slab)
[ 1176.286569][ T6539] raw: 00fff00000000000 ffff88801b441780 dead000000000100 dead000000000122
[ 1176.295136][ T6539] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000
[ 1176.303698][ T6539] page dumped because: kasan: bad access detected
[ 1176.310112][ T6539] page_owner tracks the page as allocated
[ 1176.315817][ T6539] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52800(GFP_NOWAIT|__GFP_NORETRY|__GFP_COMP), pid 5338, tgid 5338 (v4l_id), ts 26752974826, free_ts 26521217198
[ 1176.333436][ T6539]  post_alloc_hook+0x181/0x1b0
[ 1176.338200][ T6539]  get_page_from_freelist+0x135c/0x3920
[ 1176.343733][ T6539]  __alloc_frozen_pages_noprof+0x263/0x23a0
[ 1176.349637][ T6539]  alloc_pages_mpol+0x1fb/0x550
[ 1176.354467][ T6539]  new_slab+0x244/0x340
[ 1176.358606][ T6539]  ___slab_alloc+0xd9c/0x1940
[ 1176.363279][ T6539]  __slab_alloc.constprop.0+0x56/0xb0
[ 1176.368637][ T6539]  __kmalloc_cache_noprof+0xfb/0x3e0
[ 1176.373907][ T6539]  kmem_cache_free+0x148/0x4d0
[ 1176.378658][ T6539]  vms_complete_munmap_vmas+0x573/0x970
[ 1176.384191][ T6539]  __mmap_region+0xb81/0x27c0
[ 1176.388845][ T6539]  mmap_region+0x1ab/0x3f0
[ 1176.393239][ T6539]  do_mmap+0xd8e/0x11b0
[ 1176.397378][ T6539]  vm_mmap_pgoff+0x281/0x450
[ 1176.401950][ T6539]  ksys_mmap_pgoff+0x32c/0x5c0
[ 1176.406695][ T6539]  __x64_sys_mmap+0x125/0x190
[ 1176.411352][ T6539] page last free pid 5334 tgid 5334 stack trace:
[ 1176.417655][ T6539]  __free_frozen_pages+0x69d/0xff0
[ 1176.422766][ T6539]  qlist_free_all+0x4e/0x120
[ 1176.427342][ T6539]  kasan_quarantine_reduce+0x195/0x1e0
[ 1176.432802][ T6539]  __kasan_slab_alloc+0x69/0x90
[ 1176.437633][ T6539]  kmem_cache_alloc_noprof+0x1cb/0x3b0
[ 1176.443081][ T6539]  getname_flags.part.0+0x4c/0x550
[ 1176.448174][ T6539]  getname_flags+0x93/0xf0
[ 1176.452575][ T6539]  vfs_fstatat+0xe1/0xf0
[ 1176.456801][ T6539]  __do_sys_newfstatat+0xa1/0x130
[ 1176.461811][ T6539]  do_syscall_64+0xcd/0x260
[ 1176.466299][ T6539]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1176.472172][ T6539] 
[ 1176.474476][ T6539] Memory state around the buggy address:
[ 1176.480084][ T6539]  ffff8880360e3000: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 1176.488126][ T6539]  ffff8880360e3080: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 1176.496165][ T6539] >ffff8880360e3100: fa fb fb fb fc fc fc fc 00 00 00 00 fc fc fc fc
[ 1176.504203][ T6539]                                         ^
[ 1176.510071][ T6539]  ffff8880360e3180: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 1176.518111][ T6539]  ffff8880360e3200: 00 00 00 00 fc fc fc fc 00 00 00 00 fc fc fc fc
[ 1176.526150][ T6539] ==================================================================
[ 1176.538971][   T30] audit: type=1400 audit(2000000335.960:1285): avc:  denied  { open } for  pid=21605 comm="syz.3.4178" path="/186/file0" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[ 1176.561375][   T30] audit: type=1400 audit(2000000335.980:1286): avc:  denied  { map } for  pid=21605 comm="syz.3.4178" path="/dev/loop6" dev="devtmpfs" ino=653 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1176.585672][   T30] audit: type=1400 audit(2000000335.980:1287): avc:  denied  { execute } for  pid=21605 comm="syz.3.4178" path="/dev/loop6" dev="devtmpfs" ino=653 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1
[ 1176.587934][T21285] Bluetooth: hci5: command 0x0406 tx timeout
[ 1176.610115][   T30] audit: type=1400 audit(2000000337.220:1288): avc:  denied  { write } for  pid=5794 comm="syz-executor" path="pipe:[4640]" dev="pipefs" ino=4640 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1
[ 1176.639918][T21285] Bluetooth: hci3: command 0x0c1a tx timeout
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[ 1176.646115][T21285] Bluetooth: hci1: command 0x0406 tx timeout
[ 1176.650944][ T5818] Bluetooth: hci2: command 0x0406 tx timeout
[ 1176.918567][ T6539] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1176.925801][ T6539] CPU: 0 UID: 0 PID: 6539 Comm: kworker/u8:9 Not tainted 6.15.0-rc4-syzkaller-00147-gebd297a2affa #0 PREEMPT(full) 
[ 1176.937959][ T6539] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025
[ 1176.947992][ T6539] Workqueue: events_unbound netfs_write_collection_worker
[ 1176.955095][ T6539] Call Trace:
[ 1176.958350][ T6539]  <TASK>
[ 1176.961257][ T6539]  dump_stack_lvl+0x3d/0x1f0
[ 1176.965827][ T6539]  panic+0x71c/0x800
[ 1176.969706][ T6539]  ? __pfx_panic+0x10/0x10
[ 1176.974102][ T6539]  ? mark_held_locks+0x49/0x80
[ 1176.978847][ T6539]  ? preempt_schedule_thunk+0x16/0x30
[ 1176.984193][ T6539]  ? iov_iter_revert+0x443/0x5a0
[ 1176.989108][ T6539]  ? preempt_schedule_common+0x44/0xc0
[ 1176.994541][ T6539]  ? check_panic_on_warn+0x1f/0xb0
[ 1176.999639][ T6539]  ? iov_iter_revert+0x443/0x5a0
[ 1177.004553][ T6539]  check_panic_on_warn+0xab/0xb0
[ 1177.009470][ T6539]  end_report+0x107/0x170
[ 1177.013773][ T6539]  kasan_report+0xee/0x110
[ 1177.018163][ T6539]  ? iov_iter_revert+0x443/0x5a0
[ 1177.023076][ T6539]  iov_iter_revert+0x443/0x5a0
[ 1177.027818][ T6539]  netfs_retry_writes+0x166d/0x1a50
[ 1177.032993][ T6539]  ? rcu_is_watching+0x12/0xc0
[ 1177.037732][ T6539]  ? __lock_acquire+0xaa4/0x1ba0
[ 1177.042659][ T6539]  ? __pfx_netfs_retry_writes+0x10/0x10
[ 1177.048188][ T6539]  ? __pfx___mod_timer+0x10/0x10
[ 1177.053108][ T6539]  ? register_lock_class+0x41/0x4c0
[ 1177.058290][ T6539]  netfs_write_collection_worker+0x23fd/0x3830
[ 1177.064429][ T6539]  process_one_work+0x9cc/0x1b70
[ 1177.069343][ T6539]  ? __pfx_toggle_allocation_gate+0x10/0x10
[ 1177.075222][ T6539]  ? __pfx_process_one_work+0x10/0x10
[ 1177.080587][ T6539]  ? assign_work+0x1a0/0x250
[ 1177.085170][ T6539]  worker_thread+0x6c8/0xf10
[ 1177.089736][ T6539]  ? __kthread_parkme+0x19e/0x250
[ 1177.094739][ T6539]  ? __pfx_worker_thread+0x10/0x10
[ 1177.099822][ T6539]  kthread+0x3c2/0x780
[ 1177.103876][ T6539]  ? __pfx_kthread+0x10/0x10
[ 1177.108436][ T6539]  ? __pfx_kthread+0x10/0x10
[ 1177.112995][ T6539]  ? __pfx_kthread+0x10/0x10
[ 1177.117568][ T6539]  ? __pfx_kthread+0x10/0x10
[ 1177.122130][ T6539]  ? rcu_is_watching+0x12/0xc0
[ 1177.126870][ T6539]  ? __pfx_kthread+0x10/0x10
[ 1177.131432][ T6539]  ret_from_fork+0x45/0x80
[ 1177.135823][ T6539]  ? __pfx_kthread+0x10/0x10
[ 1177.140384][ T6539]  ret_from_fork_asm+0x1a/0x30
[ 1177.145143][ T6539]  </TASK>
[ 1177.148332][ T6539] Kernel Offset: disabled
[ 1177.152632][ T6539] Rebooting in 86400 seconds..